Important security information for MySQL accounts

Important:
On Webserve, the default version of PHP is 7.1; however, PHP 5.6 will still be available until it is retired at the end of December 2018. Webtest servers are already using PHP 7.1. For help specifying which version of PHP to use, see PHP server-side scripting language.

Use of the MySQL service requires adherence to policies outlined by both the University Information Policy Office (UIPO) and Web Services Support. These include but are not limited to:

  • You may not use this system to store critical data; see Data classifications for a list of examples.
  • To thwart harvesting by spammers, store email addresses so they are not directly usable as email addresses. Either store them as images or in a textual form that does not resemble an email address. For more, see Protect your web pages from email address harvesting.
  • You must follow the policies set by the University Information Security Office (UISO) and the UIPO regarding storage of sensitive, personal, or restricted institutional information. For policy questions, contact the UIPO.
  • Use of phpMyAdmin is unsupported; administrators recommend using MySQL Workbench instead. If you must use phpMyAdmin, store the phpMyAdmin application and any associated simple data files in the wwws subdirectory (/ip/account/wwws) of your Webserve account, and protect access to the application with an .htaccess file (see Controlling web page access). This ensures that the password used to access the application, and any data sent to or from the application, is encrypted in transit between the browser and the web server.
    Note:
    All web applications must use the secure server (the wwws directory in the Webserve account) for handling any username-password dialogs with a user.
  • Do not store raw student data on the Webserve or MySQL for Webserve services for longer than the shortest period required to place it into the database.
  • The login passphrases to Webserve must be especially robust. For more, see Your IU passphrase.
  • The root and other access passwords created within the mysql database must also be robust.

This is document bfoh in the Knowledge Base.
Last modified on 2018-08-15 15:14:28.
