| Doug Thompson 2005-01-23, 3:57 pm |
| Simple _complete_ solution: Find a different hosting company that provides a virtual server and root access to everything about your account. Cost should be nominal, but probably not free.
Simple _partial_ solution: Use INCLUDEs for the login portions of the script(s) and place them in a protected directory. If you are unable to protect directories (.htaccess) with this host, they are begging for trouble and victimizing their subscribers.
Simple _lack of a_ solution: Don't put anything on this site that anyone cares about protecting.
If that all sounds obvious, it's supposed to.
Doug
Shay wrote:
> My hosting company gave me one database and one root user account, and I
> have no access for priviliges at all. So as far as I can tell, the only way
> for me to connect to the database on my site is to do a
> mysql_connect("host", "user", "pass"), where the user and pass are the ones
> for this one super account.
>
> Is this a major security concern or what? Is there a way around this, or a
> way to minimize security problems? I've emailed them about this, and they
> act like they have no clue what I'm talking about :
>
>
>
>
> Then the program or script you are using should have means
> for your users to access permitted areas. And there is no
> anonymous account, there is only your own account Db
>
> Now. Hosting company provide your site with tool for you to use your
> own programs and it's up to you which programs and how you use them.
> Our job is to make sure the tool is working. Other than that, we do not
> provide support for scripts and the programs you are using.
>
> If you having problems to use some programs then you need to get
> in touch with developers and find what need to be done and how.
>
|