Protect Your Database

Now that you've locked down your system and have a method for keeping prying eyes away from files and servers that they shouldn't see, let's take a look at how to protect the database itself. You'll want to follow the same procedures we outlined earlier when it comes to giving people rights to the database directory. Remember, the least-privilege rule applies to all aspects of security. Unless someone specifically needs access to the database, remove access rights to it. Your web server user account should be given access rights to the database, of course; otherwise it won't be able to modify the database through your website. That is, your site wouldn't be able to accept things such as user registrations.

The website should be open to the world to view (if indeed it is a public website), so your web server account must have rights to display the folder's files through TCP/IP. Your web server software typically sets this permission scheme for you, so you probably won't have to worry about manipulating the security settings for your web folder. Many folks new to web development tend to put their database in the website files folder, like that shown in Figure 17.10. Don't do this!


Figure 17.10: Many people new to web development make the mistake of putting their database in the same folder as their web files.

When you place your database inside your web server's files folder, you make it available for downloading and other attacks. Your database should live in its own folder or directory, preferably on its own server, as shown in Figure 17.11.


Figure 17.11: Your database should at least be in its own secure directory or folder, if not its own server.
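The check below is an added example, not code from the book. It audits a site folder for file-based databases that were left inside it and confirms that a database kept in a separate directory does not resolve to a location under the web root. The extension list, the function names and the sample folder layout are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed list of file-based database extensions (Access, SQLite and similar)
DB_EXTENSIONS = {".mdb", ".accdb", ".sqlite", ".sqlite3", ".db"}

def is_inside(path, root):
    """True if path resolves to a location at or under root (symlinks followed)."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    return os.path.commonpath([real_path, real_root]) == real_root

def audit_web_root(web_root):
    """Return one finding per database file reachable under the web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS:
                full = os.path.join(dirpath, name)
                mode = os.stat(full).st_mode
                findings.append({
                    "path": os.path.relpath(full, web_root),
                    "world_readable": bool(mode & stat.S_IROTH),
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_layout(base):
    """Constructed sample: one database wrongly in the site folder, one outside."""
    web_root = os.path.join(base, "wwwroot")
    data_dir = os.path.join(base, "data")
    os.makedirs(os.path.join(web_root, "db"))
    os.makedirs(data_dir)
    for p in (os.path.join(web_root, "index.html"),
              os.path.join(web_root, "db", "users.mdb"),
              os.path.join(data_dir, "users.mdb")):
        with open(p, "w") as fh:
            fh.write("sample")
    return web_root, data_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        web_root, data_dir = build_sample_layout(base)
        for finding in audit_web_root(web_root):
            print("database file inside web root:", finding)
        print("separate data dir inside web root?",
              is_inside(os.path.join(data_dir, "users.mdb"), web_root))
```

The world_readable flag reflects POSIX permission bits only; on Windows, review the folder's access control list instead.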



Mastering Dreamweaver MX Databases
ISBN: 078214148X
EAN: 2147483647
Year: 2002
Pages: 214
