Results 1 to 2 of 2
  1. #1
    Join Date
    Apr 2003
    Posts
    137

    Unanswered: Prevent users from playing with MySQL database

    Hi,

    I have a POS machine which is developed in C# .NET windows application and MySQL backend. The application will be installed locally on more than one outlet.

    How can I make sure users in outlet won't mess with the database if any smart guy there! I though of hdoing it using MySQL users but I make a limited users then my applicaton won't be able to write to the database?

    What can I do? What's your advise?


    Thanks
    Jassim

  2. #2
    Join Date
    Aug 2009
    Posts
    4
    This is actually more of a programming question than a MySQL question.

    First, you should strongly consider creating MySQL user accounts with with limited access: Limit access to the specific DB/Tables in question and only give them permissions to run the specific types of SQL queries you're using in your program. If at all possible, set your program up so that each installation uses a different user account.

    Second, ALWAYS use prepared statements. By using prepared statements, you're significantly reducing the ability of a clever user to alter/access your DB using SQL injection. You can even use prepared statements for a simple SELECT query. How you do this will vary depending on what programming language you're using.

    Third, even if you're only communicating over a local network, ALWAYS try to use encrypted communications between the application and the SQL server.

    There are more things you can do, but those are a good place to start.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •