Important security information for MySQL accounts

Important:
On Webserve, PHP 7.1 will become the default version in spring 2018; however, PHP 5.6 will still be available until it is retired at the end of December 2018. As of Jan 18, Webtest servers are already using PHP 7.1. For help specifying which version of PHP to use, see PHP server-side scripting language.

Use of the MySQL service requires adherence to policies outlined by both the University Information Policy Office (UIPO) and Web Services Support. These include but are not limited to:

  • You may not use this system to store critical data; see Data classifications for a list of examples.
  • To thwart harvesting by spammers, store email addresses so they are not directly usable as email addresses. Either store them as images or in a textual form that does not resemble an email address. For more, see How can I protect my web pages from email address harvesting?
  • You must follow the policies set by the University Information Security Office (UISO) and the UIPO regarding storage of sensitive, personal, or restricted institutional information. For policy questions, contact the UIPO.
  • Store the phpMyAdmin application and any associated simple data files in the wwws subdirectory (/ip/account/wwws) of your Webserve account; access to the application should be protected via an .htaccess file (see Controlling web page access). This ensures that the password used to access the application is encrypted in transit from the browser to the web server, and that any data sent to or from the application is encrypted in transit.
    Note:
    All web applications must use the secure server (the wwws directory in the Webserve account) for handling any username-password dialogs with a user.
  • Do not store raw student data on Webserve or on the Legacy and New MySQL services for longer than the shortest period required to place it into the database.
  • The login passphrases to the Legacy and New MySQL services and Webserve must be especially robust. For more, see Your IU passphrase.
  • The root and other access passwords created within the mysql database must also be robust.

This is document bfoh in the Knowledge Base.
Last modified on 2017-08-17 13:32:14.
