diff --git a/chapters/security.xml b/chapters/security.xml
index 9a2bd9933b..8acdbf7d59 100644
--- a/chapters/security.xml
+++ b/chapters/security.xml
@@ -263,7 +263,7 @@ AddHandler php-script .php
     PHP to access a database, unless that database has built-in access
     control, you will have to make the database accessable to the
     "nobody" user. This means a malicious script could access and modify
-    the databse, even without a username and password. It's entirely
+    the database, even without a username and password. It's entirely
     possible that a web spider could stumble across a database
     adminisitror's web page, and drop all of your databases. You can
     protect against this with Apache authorization, or you can design
diff --git a/security/index.xml b/security/index.xml
index 9a2bd9933b..8acdbf7d59 100644
--- a/security/index.xml
+++ b/security/index.xml
@@ -263,7 +263,7 @@ AddHandler php-script .php
     PHP to access a database, unless that database has built-in access
     control, you will have to make the database accessable to the
     "nobody" user. This means a malicious script could access and modify
-    the databse, even without a username and password. It's entirely
+    the database, even without a username and password. It's entirely
     possible that a web spider could stumble across a database
     adminisitror's web page, and drop all of your databases. You can
     protect against this with Apache authorization, or you can design