Connecting safely with a MySQL database?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
t45418
Forum Newbie
Posts: 6
Joined: Sat Aug 21, 2010 1:04 pm

Connecting safely with a MySQL database?

Post by t45418 »

Hi,

I am putting together a website which uses MySQL to store data and populate some fields. I have the database working correctly, but my question is regarding the correct way to connect with MySQL. I am currently connecting using root as the user and the root passward, which as populated via a separate file, incorporated via the require function.

My main question is:

- Is this a security flaw for the website?

+ Is it worth me spending the time having each registered user of the website having set priviledges on the database?

I'd really appreciate any thoughts on this as this is my first go at doing this.

Thanks :)
Gargoyle
Forum Contributor
Posts: 130
Joined: Wed Jul 14, 2010 12:25 am

Re: Connecting safely with a MySQL database?

Post by Gargoyle »

NEVER connect to your DB as teh root user unless you really have to.

your users will all have FULL access to mysql, not just their DB if you don't create DB users that are limited to certain databases.
t45418
Forum Newbie
Posts: 6
Joined: Sat Aug 21, 2010 1:04 pm

Re: Connecting safely with a MySQL database?

Post by t45418 »

Hi,

Thanks for the advice. Is it okay to connect all website users through a single set of MySQL user details (if these are limited to the relevent database)?

Or is it necessary to create a MySQL user for each user of the website?
t45418
Forum Newbie
Posts: 6
Joined: Sat Aug 21, 2010 1:04 pm

Re: Connecting safely with a MySQL database?

Post by t45418 »

Hi,

If anyone is able to answer the about question I'd really appreciate it. I'm just trying to understand what an acceptable level of MySQL integration is for a website. Am a newbie so any tips most welcome! :D
Gargoyle
Forum Contributor
Posts: 130
Joined: Wed Jul 14, 2010 12:25 am

Re: Connecting safely with a MySQL database?

Post by Gargoyle »

specify "website users"
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Connecting safely with a MySQL database?

Post by josh »

t45418 wrote:Thanks for the advice. Is it okay to connect all website users through a single set of MySQL user details (if these are limited to the relevent database)?
Yes
Or is it necessary to create a MySQL user for each user of the website?
No

The only time I would have different mysql accounts for each "user" is in a multi-tenant architecture (example, you pay $50 a month and we'll host & maintain a Joomla install for you). In that case you wouldn't want one hosting customer to have access to the other customer's Joomla install, so a higher level of security is desirable.
t45418
Forum Newbie
Posts: 6
Joined: Sat Aug 21, 2010 1:04 pm

Re: Connecting safely with a MySQL database?

Post by t45418 »

:D That's great! Thanks! 8)
Post Reply