09-14-2004, 03:21 AM   #1
Squibs
ASP, msSQL and myODBC security

As a relative newbie, I've picked up most of what I need to know about PHP and more recently ASP via Google. My latest venture is likely to be popular enough to possibly generate attention from hackers. I'm worried about my MySQL connections. How hard would it be for a hacker to see my source code and be able to take over my databases? Are DSN or DSNless connections safer?

Obviously I don't allow directory indexing, and my admin area uses htprotect, but my content area is open to all. Can't you set up a browser to not process the ASP and instead display the code, thus gaining access to the connection details, which you could then exploit with a program like dbTools? I'm guessing the user associated with the connection for content pages should be read-only?

What about the phpBB discussion forum? The user for that connection has write access to the phpBB database. I currently use a script that displays recent topics from the forum on my main page.

Sorry for all the questions, but my googling has come up blank on this...