28 July, 2010

Secure MySQL connection on GoDaddy virtual dedicated server

The GoDaddy instructions on this are pretty hard to find, and the default settings for open_basedir and directory permissions make it hard to do, so here is what I have done that works. You will need to be using SSH and your control panel (I use Plesk, but I doubt this is much different with cPanel and others).

The key security point is that the access codes (username and password) for your MySQL database really should not be in your httpdocs directory. That directory is accessible to the world, and although it is hard to grab the information from a .php file, it is not impossible. If the file sits above the httpdocs folder, it cannot be seen from the web.

So, using SSH, create a folder called mysql in the domain's directory (/var/www/vhosts/x, alongside httpdocs). Use one folder per domain, or a single folder for all if you use only one database for a number of sites:

mkdir mysql

Then, still in SSH, change the ownership to the normal owner of the domain with

chown [user] mysql

Now open up the conf directory to the same user with

chown [user] conf

Go to your control panel and create these two files:

1. a file in conf called vhost.conf (content below) and

2. a file in mysql called mysql.php (content below)

Finally, either restart the server in SSH with

/usr/local/psa/admin/bin/websrvmng -a -v

or you can do it from control panel.

Content of vhost.conf (where x is the domain)

<Directory /var/www/vhosts/x/httpdocs>
# Each path ends in "/" so PHP matches it as a directory, not as a name prefix
php_admin_value open_basedir "/var/www/vhosts/x/httpdocs/:/tmp/:/var/www/vhosts/x/mysql/:"
</Directory>

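Content of mysql.php

<?php
/*
THIS IS THE MASTER DATABASE CONNECTION FILE
IT SHOULD BE STORED ABOVE THE ROOT DIRECTORY IN MYSQL
AND SHOULD BE USED FOR ALL MYSQL CONNECTIONS
*/
// The mysql_* functions were removed in PHP 7; on newer PHP use mysqli or PDO here.
// Errors go to the server log so database details are never shown to visitors.
if (!mysql_connect("localhost", "[username]", "[password]")) {
    error_log(mysql_error());
    die("Database connection failed.");
}
if (!mysql_select_db("[database_name]")) {
    error_log(mysql_error());
    die("Database connection failed.");
}
?>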

To connect to the database, add this to the relevant PHP scripts:

include '/var/www/vhosts/[domain]/mysql/mysql.php';

Hope that helps someone save the time it took me to work it out...

27 March, 2010

Tjsoft.info revamp

Started a major rewrite of this site using a lot more CSS and fewer tables. Still a lot to do but the base is now there.

Server upgrades

Latest server configuration:
  • httpd 2.2.8-1.fc7
  • mailman 2.1.9-5.3
  • mod_perl 2.0.3-9.1.fc7
  • mod_python 3.3.1-3
  • mysql 5.0.45-6.fc7
  • perl-Apache-ASP 2.59-0.93298
  • php 5.2.6-2.fc7
  • plesk 9.3.0
  • postgresql-server 8.2.9-1.fc7
  • ruby 1.8.6.114-1.fc7
  • samba 3.0.28a-1.fc7
  • spamassassin 3.2.4-1.fc7
  • SSHTerm 0.2.2-9.278624
  • tomcat 5.5.26-1jpp.2.fc7
  • webalizer 2.01_10-32

21 March, 2010

IE non-compliance

Right, that's it. I am no longer going to support IE as a suitable browser for my sites. Microsoft's continuing lack of acceptance of internationally agreed standards makes the developer's life a misery and, while it may be cool to know all the little work-arounds needed to make your site work, just, with IE, why should we? There are much better browsers that do accept the agreed standards that work, are free, are faster, more secure - need I go on?

So I have developed a little code to spot IE users and give them a warning. They can accept the limitations of IE or switch browser. I rather like it and think all web developers should follow suit...