  1. MySQL vulnerabilities. Save data in PHP files or MySQL databases
    <p>I started learning a bit about MySQL, and while I was reading I was thinking that the security vulnerabilities in MySQL are pretty immense and can't be well covered if someone doesn't truly understand pretty much everything about MySQL.</p>
    <p>If I have a website that will store not a very big volume of information, would it be bad to store it in .php files?</p>
    <p>What are the implications and vulnerabilities of this?</p>
    <p>It seems to me that the risk is far smaller, because if the .php file doesn't have an echo statement, all you get if you try to access it is a blank page, and if you are unable to 'send code' by user input and send files to the website, it should be secure as far as the website is concerned (obviously, if the server itself is hacked the attacker pretty much has control of everything, but that's not the point in this matter).</p>
    <hr>
    <p>Update to the question.</p>
    <p>It seems that what I've written above isn't producing the kind of answers that I expect, so I will try to simplify.</p>
    <p>What I'm looking for here is why databases are more secure than flat files, without bias, because most people I've read on this subject will just say databases are more secure but can't say why. Yes, they're faster and it's easier to manipulate the data, especially if it's complex or there are multiple users, and there is a lot of info about that and it's easy to understand why.</p>
    <p>The fact is that when I started reading about MySQL a few days ago, I saw that if your PHP is compromised, most likely so are the databases, so writing good secure PHP code is probably the first and most important line of defense for your MySQL databases.</p>
    <p>If your PHP is uncompromised, so is the information you stored in PHP files, so if you write good secure PHP, the security of plain PHP files will be good.</p>
    <p>Having databases also makes you use PHP functions that you usually wouldn't use, and some of them have real security holes that have to be "patched up", so writing good secure PHP code to work with databases is more complex than writing equally secure code to work with plain files.</p>
    <p>Also, when you have Apache/PHP/MySQL installed, you have 3 things that may have entry points for hackers if they're not correctly configured and maintained. If you cut MySQL loose you only have 2, and you won't have to bother with SQL injection, for example, because with no databases that's impossible: you may inject all the SQL you want but you will get nothing.</p>
    <p>So for managing small amounts of data, plain files seem to me like a secure option: a bit more complicated for working with the data, and slower, but that's not relevant considering that it's a small amount of data we are talking about.</p>
    <p>Why these deductions may be wrong is the information I'm looking for with this.</p>
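
The two storage options the question compares, side by side, as an added example that is not part of the original post: the same record written into a `.php` data file and through a PDO prepared statement. The function names, the file path, the `comments` table, and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; function names, path and table are illustrative assumptions.

// Constructed sample input containing quotes and PHP-looking text.
$comment = "it's <?php echo 'x'; ?> \"quoted\"";

// Flat-file option: store records as a PHP array literal in a .php file.
// var_export() emits an escaped literal, so the value is still plain data
// when the file is include()d; concatenating raw input into the file
// source would not give that guarantee.
function save_flat(string $path, array $records): void
{
    $src = "<?php\nreturn " . var_export($records, true) . ";\n";
    // Write a temp file, then rename, so readers never see a partial file.
    $tmp = $path . '.' . bin2hex(random_bytes(4)) . '.tmp';
    if (file_put_contents($tmp, $src, LOCK_EX) === false || !rename($tmp, $path)) {
        throw new RuntimeException("cannot write $path");
    }
}

function load_flat(string $path): array
{
    return is_file($path) ? (include $path) : [];
}

// Database option: the value is bound as a parameter, never spliced into SQL.
function save_db(PDO $pdo, string $text): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
}

// Flat-file round trip (hypothetical path in the system temp directory).
$path = sys_get_temp_dir() . '/comments_data_example.php';
save_flat($path, [$comment]);
$loaded = load_flat($path);
echo 'flat file round trip intact: ', var_export($loaded[0] === $comment, true), "\n";
unlink($path);

// Database round trip (in-memory SQLite stands in for MySQL; needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
save_db($pdo, $comment);
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
echo 'database round trip intact: ', var_export($stored === $comment, true), "\n";
```

In both cases the safety property comes from the write path keeping input as data (an escaped literal or a bound parameter), and the flat-file version also has to handle concurrent writers itself.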