Web Hosting Talk







View Full Version : How secure is MySQL?


grace5
03-29-2003, 01:04 AM
Just how secure is the information in Cpanel6 MySQL databases?

Just using the user/pass?

mpope
03-29-2003, 04:19 AM
It's as secure as MySQL is secure. :)

I suppose your question is a little vague... what exactly do you want to know?

There are a lot of variables to this.... if you're trying to store credit card numbers on a shared server, this probably isn't the best idea. That does not mean that it is insecure though. ;)

daveman
03-29-2003, 05:32 AM
Just like anything, it is only as secure as the person who secures it.

Knogle
03-29-2003, 06:38 AM
daveman, you need to give details, like how to do so. ;)

daveman
03-29-2003, 07:00 AM
Originally posted by sanjiv
daveman, you need to give details, like how to do so. ;)
What do you mean?

Just like with *nix users and permissions, MySQL has the same sort of thing. You can create different user accounts with different global permissions and then restrict them even further on a database level. Until he provides more details about what he means by secure, it is hard to comment exactly.

grace5
03-29-2003, 09:09 AM
Secure in storing credit card info. Please don't jump on me for asking a question and tell me how dumb I am... ok

If I was going to store something like CC info, what could I do to make sure it is secure?
(Are banks secure, even though sometimes they get robbed?)


Would an SSL cert. do the job?
Any comments would be gratefully received.
Thank you

EO|webhost
03-29-2003, 10:25 AM
SSL cert has nothing to do with MySQL security. A certificate allows users to not get that untrusted source when entering an https (secure) website.

To keep MySQL somewhat secure, make it so connections can only be made via localhost. Block the port to outside access, and make sure to keep it updated. That should be enough for most setups.

I would never really use MySQL to store CC info in an unencrypted form. I personally would not feel comfortable storing them even in an encrypted format. If you get one hacker that breaks in, you can never apply patches fast enough if somebody is out to get you; they get in and now you have some mad customers. There has to be some alternative or maybe some way to set it up better, but on a shared server I don't think it's wise to store CC info.
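
[Added example, not part of any post in this thread] The per-database accounts daveman describes and the localhost-only access EO|webhost recommends, written as MySQL statements with audit queries to check the result. The names shopdb, shop_app and shop_report and the password placeholders are hypothetical, and the syntax assumes a current MySQL release rather than the 2003-era versions discussed here.

```sql
-- Added example. shopdb, shop_app, shop_report and the passwords below are
-- hypothetical placeholders; run as an administrative account.

-- 1. Check that the server is not listening for remote clients.
SHOW VARIABLES LIKE 'bind_address';     -- want 127.0.0.1 or ::1, not * or 0.0.0.0
SHOW VARIABLES LIKE 'skip_networking';  -- ON = no TCP listener, local socket only

-- 2. One account per application, bound to localhost, with no global
--    privileges: rights are granted on a single database only.
CREATE DATABASE IF NOT EXISTS shopdb;
CREATE USER 'shop_app'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET_1';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON shopdb.* TO 'shop_app'@'localhost';

-- 3. A second, narrower account for reporting: read-only on the same database.
CREATE USER 'shop_report'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET_2';
GRANT SELECT ON shopdb.* TO 'shop_report'@'localhost';

-- 4. Verify what each account can actually do.
SHOW GRANTS FOR 'shop_app'@'localhost';
SHOW GRANTS FOR 'shop_report'@'localhost';

-- 5. Audit: accounts that may connect from somewhere other than this host.
SELECT user, host
  FROM mysql.user
 WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- 6. Audit: anonymous accounts (empty user name), which should not exist.
SELECT user, host
  FROM mysql.user
 WHERE user = '';

-- 7. Audit: accounts holding powerful global privileges. An application
--    account should never appear in this list.
SELECT user, host, Super_priv, File_priv, Grant_priv, Process_priv
  FROM mysql.user
 WHERE Super_priv = 'Y'
    OR File_priv = 'Y'
    OR Grant_priv = 'Y'
    OR Process_priv = 'Y';
```

Queries 5 to 7 should return only the administrative accounts you expect; any application account showing up there has more access than the setup described above intends.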

grace5
03-29-2003, 10:34 AM
Thank you. I really wasn't going to put CC in there but was wondering, and by the way I have ded. (a spanking newbie)

How do banks/others store info in their databases so it is secure?

Just simple stuff please
Thank you for your time

MotleyFool
03-29-2003, 11:07 AM
MySQL per se is not insecure... it is when you install phpMyAdmin with the root pass in the config file and have a lot of PHP scripts with chmod 755 that store plain text passwords of MySQL databases etc. that things begin to get a bit risky.

You should also set a non-trivial root pass for MySQL in WHM setup.

Once again it is not PHP scripts but our desire to make things fast and feature rich that causes the insecurity... in my opinion compiling PHP into Apache is a bad idea. PHP is best run as CGI with suEXEC like Perl or Python.

It has been discussed at great length in these forums. Tim Greer [if I remember right] had the brilliant idea of creating a group where all virtual sites users and Apache will belong and then chmod 750 all .php.

Because of the nature of the question it is difficult to explain this in layman's terms.

Sorry for that :)

sprintserve
03-29-2003, 02:50 PM
Well, the question really is on a few levels...

1. Server Security.
Obviously no matter how secure the software is, if a server is compromised, anything can be stolen (including your databases). So therefore the root of the issue starts even on the server side.

2. Software Security (Includes interaction)
Now, obviously MySQL is secure enough (not 100% as that's a tall order). But you also have to consider what you are using with it. For example, if you have phpMyAdmin, a bug in that can compromise information on your MySQL databases even assuming it is 100% secured.

3. Database Level Security
On this level, obviously you would have things such as the passwords, the databases and so on. This is where you can make things more secure (still not 100%) by practicing all the normal password principles such as using hard to guess passwords, hard to guess database names, putting each script in its own database, using hard to guess user names and more. This of course controls access.

Another thing that you can always do is also to use highly secure hashing code to store your sensitive data in an encrypted format and not cleartext. This would ensure that even if your data is compromised, they can't make the hell out of it easily if at all. This may buy you time to take counter and preventive measures in the meantime.

4. When Information is transferred.
Obviously, even if you do all the above extremely well, that will be all for nothing if you transfer information over the internet in an unencrypted form. This is where SSL can step in to ensure data transferred is not easy to compromise.


Now generally, if you have been reading all of the above, you realise a pattern... and that is your security is only as strong as the weakest link. So that's why it is important to consider all the dependencies, and understand all the possible weak links. Hope this helps.

grace5
03-29-2003, 03:27 PM
Thank YOU

Mike the newbie
03-30-2003, 05:01 PM
Some good info on securing MySQL is here (http://www.mysql.com/doc/en/Privilege_system.html).