B4J Question security of mysql db on b4j server

Discussion in 'B4J Questions' started by ArminKH, May 25, 2015.

  1. ArminKH

    ArminKH Well-Known Member

    Hi
    Before using B4J I used PHP for managing an online DB (MySQL).
    I always put my DB user and pass in a PHP file and limit the user access to just read (permission 400, I think).
    Then on the main PHP page, like search.php, I include my db.php, and by using this security solution my database is safe.
    Now what about B4J?
    On B4J, when I want to access my MySQL database we have to enter the user and pass of the DB, and maybe my server is decompiled and then my user and pass are simply accessible.
    What is the same security solution on B4J?
    Thank you
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    How can the server be decompiled? If a hacker has access to the file system then the password in the PHP script will not be safe at all.
     
    ArminKH likes this.
  3. ArminKH

    ArminKH Well-Known Member

    OK, if the server cannot be decompiled, why do we limit the access to our database by using permissions?
    My question is just to find a similar way to ensure maximum security, not just to compare PHP and B4J.
    Thanks Erel
     
  4. ArminKH

    ArminKH Well-Known Member

    Does B4J have any similar way to include other B4J servers in the same place? Or any similar solution? If not, can this happen in the future?
     
  5. Daestrum

    Daestrum Well-Known Member Licensed User

    That's the correct way. You don't give a query full access if it's only reading the database. You give it a user/password that only has read permissions set in the database.
    Most DBs have built-in security for this purpose.

    A login screen, for example, needs only read permissions on one table to decide if the logon credentials are valid. So in the DB you create a 'login' user/password and only grant read permission on the 'users' table.
    Couple that with a retry delay that grows on each successive logon failure; this will frustrate a brute-force attack.
     
    ArminKH likes this.
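
The per-purpose read-only accounts described in the post above, written out as MySQL statements. This is an added example, not code from the thread; the schema `appdb`, the tables `users` and `products`, the column names, the `search` account and the placeholder passwords are assumptions.

```sql
-- Assumed names (not from the thread): schema appdb, tables users and products,
-- accounts 'login' and 'search', with the B4J server and MySQL on the same host.

-- Account used only by the log-in handler: it may read two columns of one table.
CREATE USER 'login'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_1';
GRANT SELECT (username, password_hash) ON appdb.users TO 'login'@'localhost';

-- Account used only by the search handler: it may read the searched table, nothing else.
CREATE USER 'search'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_2';
GRANT SELECT ON appdb.products TO 'search'@'localhost';

-- Verify what each account can do: USAGE on *.* plus its single SELECT grant.
SHOW GRANTS FOR 'login'@'localhost';
SHOW GRANTS FOR 'search'@'localhost';

-- Connected as 'search', the server refuses both of these with an access-denied error:
--   SELECT * FROM appdb.users;
--   DELETE FROM appdb.products;
```

With accounts split this way, a password recovered from the search handler gives read access to `appdb.products` only.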
  6. ArminKH

    ArminKH Well-Known Member

    Excuse me for my English if I can't describe my problem exactly.
    On the PHP side we have a page like search.php and another like db.php, and we also have a MySQL database.
    Our database has a username and password for access to the data.
    Now in db.php we have our username and password values and connect to our database by using PDO.
    Then we limit db.php's permission to the most limited mode.
    Then on search.php we just include our db.php, and our username and pass values are kept on a secure page.
    Now what about B4J?
    I know if our server is hacked then each part of our server is crackable.
    It would be better or safer if there were a way to include another B4J server, or any similar way to ensure this security solution.
    And if not, OK, then that's not possible... :-D
    Thank you ;-)
     
  7. Erel

    Erel Administrator Staff Member Licensed User

    I'm not sure that I understand. If a hacker can access your server file system (with SSH for example) then nothing will be safe. Not the database, not the B4J servers and not the PHP scripts.
     