Re: [cobalt-users] PHP, MySQL and phpmyadmin
- Subject: Re: [cobalt-users] PHP, MySQL and phpmyadmin
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Mon Apr 23 05:05:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Samuel Yeats" <webdude@xxxxxxxxxxxxxxx> wrote:
> I am new to linux and cobalt, and I have a couple of servers. On one of my
> servers I am wanting to put PHP and My SQL, I have also heard that there is
> an administration tool for My SQL called PHPMYADMIN. I have quite a few
> users on my server and I am just wondering how much of a risk installing
> this software on the server would be.

What kind of server? I'll break down the risk for you relative to not
running these programs. PHP has very little risk, other than someone
implementing an inefficient PHP script on a high traffic site and using more
of your CPU usage than you'd like. You'll probably want PHP installed as an
Apache module. Some security-related info can be found here
(http://www.php.net/manual/en/security.apache.php). MySQL is also very low
risk, though it should be installed to run as a non-privileged user instead
of the user 'root' ('root' is the superuser on Linux servers) because of
potential security exploits (there aren't any known exploits on newer
versions of MySQL, but there were on versions of MySQL that are over a year
old so make sure a newer MySQL is installed, preferably a newer version
3.23.x). MySQL has its own internal user privilege system which lets you
specify which databases, tables and privileges (privileges are things like
selecting records, deleting records, deleting tables, creating users, etc.)
a user can access. Since databases may contain sensitive data, you will
need to ensure that you understand the MySQL privilege system
(http://www.mysql.com/doc/P/r/Privilege_system.html). If you read the
documentation on phpMyAdmin it's pretty easy to install it in a secure
manner. Essentially, you want a client's copy to only connect to their
database (easily configured) and you probably want to use a .htaccess to
password protect the phpMyAdmin directory (not set up this way by default) to
limit access to users who supply the proper user/password.

> If I stuff up I will have to pay a
> 50/hour 'fix up' fee to my service provider, until it's fixed.

If you're not familiar with installing programs from a source tarball on a
Linux server (or by RPM if you can find versions of the software for your
system compiled the way you want) you probably should start with something
smaller first. If you install any of these three programs from source you
shouldn't cause any problems that will require your service provider's
assistance. Always have good backups of your system first and know how to
restore the backups (the second step is pretty important, don't wait until
you need to to learn). PHP requires a few small changes to some Apache
config files. If you back them up first or remember the lines to delete
anything you do is easily fixed. You can't really cause any problems on
your system at all with an installation of MySQL or phpMyAdmin.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
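
Added example, not part of the original message: a small Python audit of the three settings the reply recommends (mysqld not running as root, client accounts limited to their own database, phpMyAdmin behind .htaccess authentication). The file contents, paths and account names below are constructed samples, and the function names are hypothetical.

```python
import configparser
import re

GRANT_RE = re.compile(r"^GRANT (.+?) ON (\S+) TO (\S+)", re.I)

def htaccess_requires_login(text):
    """True if the .htaccess sets AuthType and a user-based Require."""
    seen = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            value = parts[1].lower() if len(parts) > 1 else ""
            seen.setdefault(parts[0].lower(), []).append(value)
    users = ("valid-user", "user ", "group ")
    return "authtype" in seen and any(v.startswith(users) for v in seen.get("require", []))

def mysqld_user(my_cnf_text):
    """Return the 'user' value from the [mysqld] section, or None if unset."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(my_cnf_text)
    return cp.get("mysqld", "user", fallback=None)

def global_grants(show_grants_lines):
    """Accounts holding real privileges on *.* (USAGE means 'no privileges')."""
    found = []
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if m and m.group(2) == "*.*" and m.group(1).upper() != "USAGE":
            found.append((m.group(3), m.group(1)))
    return found

def audit(htaccess_text, my_cnf_text, show_grants_lines):
    findings = []
    if not htaccess_requires_login(htaccess_text):
        findings.append("phpMyAdmin directory is not password protected")
    user = mysqld_user(my_cnf_text)
    if user is None:
        findings.append("no user set under [mysqld]; check how the daemon is started")
    elif user == "root":
        findings.append("mysqld is configured to run as root")
    findings += [f"{acct} holds {privs} on *.*" for acct, privs in global_grants(show_grants_lines)]
    return findings

# Constructed sample inputs (not taken from any real server).
SAMPLE_HTACCESS = 'AuthType Basic\nAuthName "phpMyAdmin"\nAuthUserFile /path/to/.htpasswd\nRequire valid-user\n'
SAMPLE_MY_CNF = "[client]\nport = 3306\n[mysqld]\nuser = root\n"
SAMPLE_GRANTS = ["GRANT USAGE ON *.* TO 'client1'@'localhost'",
                 "GRANT SELECT, INSERT, UPDATE, DELETE ON `client1db`.* TO 'client1'@'localhost'",
                 "GRANT ALL PRIVILEGES ON *.* TO 'client2'@'localhost'"]
```

The grant lines are in the form printed by MySQL's `SHOW GRANTS FOR` statement, so real output can be pasted in place of the sample list.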