I want to use PHP to pull data from the PostgreSQL Database into my application. I wanted to know whether this method is secure, if my various users will have to interact with data.
Hi Kibui
Yo can secure database access in many ways. You can use HTTPS to secure the communitations. Also you can allow access to the database only from the application running on the server whith a low permission role, and the users can access the PHP application using a different credential
You can find information about PHP database access in [1] and PsotgreSQL in [2]
Kind regards
[1] http://php.net/manual/en/security.database.php
[2] http://www.postgresql.org/docs/7.0/static/security.htm
If your servers are located in the same physical lication on different machines, you can connect them with a fast gigabit network connection and have the connections exclusive, by having those two (or a few) servers in a separate network segment (range). Than, attach another newtork interface to the Web service's server and connect it to the gateway by giving it an address in the public network address range (or, perhaps through a firewalled GW if that is your service's network organization requirement).
That way, the DB and WEB server communicate directly and very fast without the latency encryption usually gives), but the DB server is isolated from the public web, so in that sense, data is secure.
And the only publicly exposed part is the Web server hosting the PHP application, which is fine, as long as it is secure from Rootkit exploits etc.
Hello Milan Ferik Tair,
Thank you very much for this advice.I really like the idea.Let me research more on it.
Regards
- Badges
- Science topic
- Similar topics
- Mathematical Sciences
- Graphs