February 2014 / PhreeBooksR36RC3
Author – Charles
PhreeBooks curently uses the MySQL database only.
Please note that it is strongly advised to set MySQL to default to the InnoDB format and not MyISAM, as apparently InnoDB is ‘more robust’.
PhpMyAdmin seems to be set out-of-the-box to default to MyISAM – so beware.
Quote from Dave Premo:
InnoDB supports ‘transactions’ which are CRITICAL for PhreeBooks to operate properly. MyISAM do not and cause table sync problems in spades. If in doubt, post-install, check your mysql tables and make sure the type is set to InnoDB – especially for the journal_main and journal_item tables.
In my experience, even if you have set the default table type to InnoDB, some tables will still be created with MyISAM. This doesn’t seem to be an issue as long as:
- the default is InnoDB
- journal_main and journal_item are InnoDB
Collation – utf8_general_ci
phpMyAdmin / InnoDB
phpMyAdmin / InnoDB
This is not the place for an in-depth discussion of database security. Suffice to say that the security of your PhreeBooks install and of your PhreeBooks database (and others) is very important. You need to make sure that software is kept up-to-date and that secure practices are employed (beyond the scope of this website).
I have read elsewhere that amongst other security ‘best-practices’ (and it is the responsibility of each user to confirm these before using them – no responsibility for their accuracy is taken by the author, Phreesoft or PhreeBooks) these should be considered:
- Employing non-obvious Directory and database User names (i.e. not easily guessed). Of course, these should be appropriately long. Longer is better.
- I have read that, in particular, it is wise to make the names of directories containing database management tools obscure and not easily guessed – i.e. NOT phpMyAdmin, HeidiSQL, Adminer, Workbench or database. I have also read that it is preferable (faster, more secure) to avoid database management tools altogether in WAN-facing installs – manage your database from the command line.
- Employing appropriate length and complexity in constructing passwords for database Users and anywhere else a password is required.
An excellent resource on Passwords is detailed at the bottom of the ‘Encryption HowTo’ page.
Please make any comments or suggestions for improvement in the Forum.