Important security information for MySQL accounts

Important:
The Webserve and Webtest servers use PHP 7.1; PHP 5.6 has been retired and is no longer available. For more about PHP at IU, see PHP server-side scripting language.

Use of the MySQL service requires adherence to policies outlined by both the University Information Policy Office (UIPO) and Web Services Support. These include but are not limited to:

  • You may not use this system to store critical data; see Types of data for a list of examples.
  • To thwart harvesting by spammers, store email addresses so they are not directly usable as email addresses. Either store them as images or in a textual form that does not resemble an email address. For more, see Protect your web pages from email address harvesting.
  • You must follow the policies set by the University Information Security Office (UISO) and the UIPO regarding storage of sensitive, personal, or restricted institutional information. For policy questions, contact the UIPO.
  • Use of phpMyAdmin is unsupported; administrators recommend using the MySQL workbench instead. If you must use phpMyAdmin, store the phpMyAdmin application and any associated simple data files in the wwws subdirectory (/ip/account/wwws) of your Webserve account; access to the application should be protected via an .htaccess file (see Control web page access). This ensures that the password used to access the application is encrypted in transit from the browser to the web server, and that any data sent to or from the application is encrypted in transit.
    Note:
    All web applications must use the secure server (the wwws directory in the Webserve account) for handling any username-password dialogs with a user.
  • Do not store raw student data on the Webserve or MySQL for Webserve services for longer than the shortest period required to place it into the database.
  • The login passphrases to Webserve must be especially robust. For more, see Your IU passphrase.
  • The root and other access passwords created within the mysql database must also be robust.

This is document bfoh in the Knowledge Base.
Last modified on 2019-04-11 10:50:47.

Contact us

For help or to comment, email the UITS Support Center.