secure local mysql access

Question

I am running a xampp server and connecting to the mysql database. I'm writing some php to interface with the database. The database is mainly going to be used locally, so the problem then becomes if someone accesses the database locally, they can simply open up the php file and find the mysql login information. Is there a way to secure this information? Can I create a user who only has access to view the table, and then when someoene tries to edit, I can prompt for another password?

I'm not sure if this makes sense, but essentially I do not want someone to locally be able to see the mysql password that is stored in the mysql_connect(). I'm also open to other solutions to interface with mysql, but I am fairly limited to the xampp server, mysql, and java.

Thoughts?

Answer 1

Can I create a user who only has access to view the table, and then when someoene tries to edit, I can prompt for another password?

If you design all this logic in your webapplication, you could. By managing the users in MySQL you can create two, one that only has "select" permissions, and another that has a wider range of permissions.

Detecting when to prompt for "write password" would need to be done in your custom code though, and you could then subsequently build different strings for mysql_connect().

In general though I must agree with Brad - if you have intruders in your PHP files you have bigger problems.

Answer 2

You have to access your database credentials somehow. If someone can access your PHP files, then you have far more security problems to worry about. There is little more you can do.

I would recommend creating a DSN, and ensuring that only authorized users have access to that DSN. Again though, an attacker can easily edit your PHP files to gain access to the DB.