help needed with the following please.....

[zmaq]

I have php5, myphpadmin, apache and the latest mysql.

The following questions are simply driving me mad… I just can’t seem to get it!!! If the following were explained I would sleep much better at night.. I was not sure where to post this so if it is in the wrong place please tell me…. thanks

1.Is it or is it not important to set up different users for different website projects or is it fine to use my username and password (the ones that give me acces to myphpadmin) that works for every web project I start? Please bear in mind that the computer I use is my own and as such is not shared with anyone

2. Does the above leave me open to security issues if I do not set up a username and password for different projects within myphpadmin?

3.Is it good policy to create users specific to different projects with their own username & password with limited privileges? I read that somewhere….. If so how is this done?

4. Is it good practice to save the local root folder outside of the C:\Program Files\Apache Group\Apache2\htdocs folder or should I save everything to do with the site in a folder within apache/htdocs and from then on in dreamweaver assign local root folder and the testing server folder to the same location?

Example: If I have a site called “test_site” Should I have the local root folder here….
C:\Program Files\Apache Group\Apache2\htdocs folder\test_site ?
And should I also assign the testing server (folders) to the same locaition? With the following url prefix: htp://localhost/test_website/
Where does the remote server come it in all this?

I seem to be able to test locally if I use the above method but if I was to save the document root outside of the C:\Program Files\Apache Group\Apache2\htdocs folder\ and put it in C:\Websites\ (in dreamweaver I would assign the document root to C:\Websites\ but what would I assign the testing server folder to? The same or Do I need to assign it here… C:\Program Files\Apache Group\Apache2\htdocs folder\test_site ?


6.How do I set up the remote server? I mean what is the point? Can’t I just test locally on the with files for the site I am working on to be in a folder within C:\Program Files\Apache Group\Apache2\htdocs folder? What is the point of testing on a remote server as aposed to a local server?

 

[sleipnir214]

Questions 1, 2, and 3:
The first rule of computer security is, "Grant only necessary access". Your projects should not be using root-level credentials for MySQL access. They should be using a separate login that grants only necessary permissions the necessary databases and tables for the project to work. This limits possible damage from hostile entities.

I recommend that each project have its own credentials. This compartmentalizes your security configuration, limiting possible damage from hostile entities.

See the MySQL online documentation for the GRANT query


Question 4:
I don't think the filesystem location makes all that much difference in terms of security. It can make a difference in maintainability, though.

Question 6:
I don't understand. Anyway, what happened to question 5?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[zmaq]

Thanks for fast reply but can the following be answered please...

Question 5:
I seem to be able to test locally if I use the above method but if I was to save the document root outside of the C:\Program Files\Apache Group\Apache2\htdocs folder\ and put it in C:\Websites\ (in dreamweaver I would assign the document root to C:\Websites\ but what would I assign the testing server folder to? The same or Do I need to assign it here… C:\Program Files\Apache Group\Apache2\htdocs folder\test_site ?

Question 6:
What is the point of testing on a remote server as aposed to a local server? Idiots guide (for me)required!!!!

As mentioned I don't share my computer so does that influence the above question?

 

[sleipnir214]

I'm not sure I understand question 5.

You can put the document root of a web server anywhere you want on your server's filesystem. You just need to make sure you've told Apache where that document root is. Exactly where you should put it is dependent on your own style of system management, your style of design, the design of the site -- there are not hard-and-fast rules that I know of.

Generally, with my style of system administration and other factors, it is often easy for me to create a directory structure where a particular project's developement and production sites are in the same directory tree. For example, for project "foo", I would create the directory /home/sites/foo, with the development site in /home/sites/foo/dev and the production site in /home/sites/foo/prod. Apache keeps the two sites separate by domain names.



I still think I don't understand question 6. In general, though, you must put a site through a round of testing on whatever server it will run in production mode. If that production server is a remote server, you must do a last round of testing there.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[zmaq]

1.I believe that when I set up apache I told it that the document root was C:\Program Files\Apache Group\Apache2\htdocs so does that mean that every site I creates should be in folders that apear in that path eg a site call car_site would reside in the following path.....
C:\Program Files\Apache Group\Apache2\htdocs\car_site

2.If thats the case should I should tell dreamweaver that is the location of the root folder and also the testing server?

Please answer using the above example please.

3. Where does the remote server come into this? Is it not good enough to test any php code via the testing server (*specified in question 2*? If it works there is it not good enough to put online?

Thanks for all your answers and fast replies to date.

 

[sleipnir214]

1. A single Apache web server can provide access to multiple web sites. Each web site is defined by a separate VirtualHost configuration directive. Each VirtualHost entry in your Apache configuration file can have its own DocumentRoot configuration. And each DocumentRoot directory can be anywhere on your filesystem.

See

http://httpd.apache.org/docs-2.0/vhosts/examples.html

for more information.


2. Tell DreamWeaver to put the files into whatever directory Apache is expecting them.


3. Your code may or may not work correctly on the remote server. If the remote server is running exactly the same OS, with exactly the same version of Apache, with exactly the same version of PHP, and if all the previous were configured exactly the same way on both machines, then yes, your code should work identically on both.

However, if any one thing is not exactly the same, the behavior of your PHP scripts will change from server to server. And so you will need additional testing on the remote machine.

There are ways to write your scripts to minimize the disruptions. Use the superglobal arrays rather than assuming register_globals is turned on. Get paranoid with error-trapping in your code. That sort of thing.

Want the best answers? Ask the best questions!

TANSTAAFL!!