Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have been doing a lot of work on my local machine and I currently have 5 instances of Wordpress running using wamp. I am sure the answer is a matter of preference but I want to know if you should create a new user and database for each wordpress site? Here are a few of my names of my directorires that I have locally. wordpress, wordpress-dev, wpsandbox, wpxp, etc..They all have there use and I am actually adding one now which is why I am asking this question.
Currenlty each wordpress install has its own database and user with the same name so moving forward should I stick with this or is one global user assigned to each database best?
In a production environment you certainly want to have separate users to better manage permissions, minimize damage if one of the user credentials is compromised, etc.
In a development environment on your local computer I doubt it matters much, one user for all your databases is more convenient. I find myself doing that at times.
However one could make the argument that a developer should be using best practices from the get go, even in a development environment. So if your question is "should I be employing good security measure even in my local development environment" I think the answer is always "yes, unless you have a compelling reason not to."
If this is a localmachine where you have access, and only you. Then having 1 user for all databases should not be a problem.
Yes this is down to personal preference; but I see it as, in a live production web service. You should get into the practice of having 1 user with only the rights that it needs.
Example:
Database Name: Testing
Database Name: Another
Users:
Root -- Connect to append changes to the structure of the actual table/schema.
User1 -- Select, Insert, Delete and other necessary functions specific to Testing
User2 -- Same as the above, but specific to Another
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 days ago.
Improve this question
Am planning to install Moodle in Amazon EC2 with ELB. The approach am thinking of is couple of Moodle intance and couple of DB instances. each Moodle instance points the DB instances through a load balancer and each DB syncs automatically.
Please advice will it works.
I don't think that there is an option to have multiple DB instances in AWS synchronized between each other and all being both read and write. It seems they can only have read replicas, see here: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html and https://aws.amazon.com/rds/mysql/ (Replication chapter).
Also, it would also be a big overhead to synchronize a high number of DB instances. Will this be synchronous? In that case it would leave a performance penalty.
The best option would be to have a number of Moodle instances behing a LB, all of them pointing to the same DB. I do not think the bottleneck sits in the DB. If you also tune the DB, add some performant storage (SSDs, see the link above for details) everything should be ok.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I am creating a website and am expecting somewhat normal usage. I am setting up the system for now with 1 Apache Server and 2 DB servers. I want any DB operations to be reflected in both DB servers so that I can have 1 server as Backup. Now how do I do it ?
The ways I can think of are :
Perform same operations in both DB from PHP. This seems like a terrible idea.
Update 1 DB and sync both DB servers periodically. This seems better.
Is there any better way to achieve this ? How is it done in Enterprises ?
If you're using MySQL, there is quite powerful built-in replication.
Check out the docs
A terrible idea is to have backup each time a new operation happens. No modern, nor old application works this way. Even Windows System Restore makes backup on scheduled times, not on each operation.
I'd suggest you to make an sql dump script. And schedule a cron job wich will run it once a day, or twice a day. If you really need the data on the server immediately (assuming, you need if one of the DB servers crashes, your app continue working immediately with the backup server) you can make an import script, which will run once the dump finishes.
If you are not in the special case, when you need once the first DB server is shutdown'd, to have another one opened, you can just store the dumped sql files on the machine and not load them on real database, if they are not needed.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am developing an ERP application.
Next month I will recruit 2 employees, developers.
The application consists of two parts:
The core of the system
modules.
Is there a way to "protect" the core of the system for a possible theft from new employees? I do not want to see my codes with competitors in a few months (risk exists).
I thought to limit access via FTP, SVN work, etc.. but thinking about it, I found that the developer has always a way to know the core of the system files (a simple display php directory) or execute a script that will rename the. php. txt to be able to download it...
Encoding the core with Ioncube will be suffisant ?
Other solution ?
This is really a legal and not a programming matter. You should have them sign non-disclosure and non-competition agreements and call it a day - coming up with unneccessarily complex solutions is really unneccessary.
I thought to limit access via FTP, SVN work, etc.. but thinking about it, I found that the developer has always a way to know the core of the system files or execute a script that will rename the. php. txt to be able to download it...
Obviously. Realise that any security invented by a human can be circumvented by another. You still should impose such restrictions - if they do gain access to the application core, you may need to prove that this could only be possible by intentionally circumventing security measures.
To be blunt, always give employees the access they need to do their job, but never more than that.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Not much ago I upgraded to a dedicated server, and I order to make it more cost efficient for me, I decided rent some space on the server to people I know (friends, family). Some of the people I know have some other guy that is in charge of the website development, and I want to protect myself from an unauthorized access to my, or any of the other guys I rented to.
One of the cases which concerns me the most is PHP getting access to other users or me by accessing ../ from their root.
For instance, they could do something like this: foreach(glob('../*/*.*') as $some_file){unlink($some_file);} which would delete all the files from a sibling user.
How do I avoid people from doing this sort of things?
This sounds like an issue that can be resolved through system administration.
Edit your php.ini file, restricting the values in open_basedir
Make sure your users are assigned to different groups
chmod your home directories og-wx (e.g. 744, 740, 700, etc...)
Run multiple instances of apache server, possibly under different users/groups
It really depends on how much effort you want to put into it and how robust the security needs to be.
http://www.php.net/manual/en/ini.core.php#ini.open-basedir
http://wiki.apache.org/httpd/RunningMultipleApacheInstances
You should consider dctrucker post on permissions and make sure the apache process if you are running php with mod_php or the php processes if you are running it on fast-cgi dont have the permissions to change permissions. I wouldnt advice the base_opendir approach if security is your concern because then one can just use ini_set to override it (so if using that approach you should disable ini_set as well ).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I have a complicated problem, exacerbated by the fact I don't really know where to start!
Over the last few years, I've developed a number of php web-based systems. When I built them, our network was ropey at best, so I thought nothing of creating my own username/password stuff.
Since then, our network has become a lot more robust, our admins have installed an ISA server for various other things and my apps are left as frustrating relics that people forget their passwords and are never sure which one belongs to what.
I would like to be able to replace my own login code with something that will talk to the the ISA/Active directory stuff so users can just use their primary username and password to log onto my stuff too.
Part of the difficulty is that the PHP apps are hosted outside of our network, although I do also have a server inside the network to act as a gateway if necessary. All of the servers I have access to are running Linux, although I might be able to persuade someone to install a 'plugin' on a windows box if it is absolutely necessary.
Where do I start?
If PHP is running under Apache you should be able to use mod_ldap and mod_authnz_ldap to authenticate to your Active Directory server.
There's also a fairly complete LDAP API for PHP, which you should investigate.