
Connecting safely with a MySQL database?

Posted: Wed Aug 25, 2010 3:03 pm
by t45418
Hi,

I am putting together a website which uses MySQL to store data and populate some fields. I have the database working correctly, but my question is regarding the correct way to connect with MySQL. I am currently connecting using root as the user and the root password, which is populated via a separate file, incorporated via the require function.

My main question is:

- Is this a security flaw for the website?

- Is it worth me spending the time having each registered user of the website having set privileges on the database?

I'd really appreciate any thoughts on this as this is my first go at doing this.

Thanks :)

Re: Connecting safely with a MySQL database?

Posted: Thu Aug 26, 2010 12:51 am
by Gargoyle
NEVER connect to your DB as the root user unless you really have to.

Your users will all have FULL access to mysql, not just their DB if you don't create DB users that are limited to certain databases.

Re: Connecting safely with a MySQL database?

Posted: Sun Aug 29, 2010 8:25 am
by t45418
Hi,

Thanks for the advice. Is it okay to connect all website users through a single set of MySQL user details (if these are limited to the relevant database)?

Or is it necessary to create a MySQL user for each user of the website?

Re: Connecting safely with a MySQL database?

Posted: Sun Sep 05, 2010 11:51 am
by t45418
Hi,

If anyone is able to answer the above question I'd really appreciate it. I'm just trying to understand what an acceptable level of MySQL integration is for a website. Am a newbie so any tips most welcome! :D

Re: Connecting safely with a MySQL database?

Posted: Sun Sep 05, 2010 12:03 pm
by Gargoyle
Specify "website users"

Re: Connecting safely with a MySQL database?

Posted: Sun Sep 05, 2010 12:07 pm
by josh
t45418 wrote: Thanks for the advice. Is it okay to connect all website users through a single set of MySQL user details (if these are limited to the relevant database)?
Yes
Or is it necessary to create a MySQL user for each user of the website?
No

The only time I would have different mysql accounts for each "user" is in a multi-tenant architecture (example, you pay $50 a month and we'll host & maintain a Joomla install for you). In that case you wouldn't want one hosting customer to have access to the other customer's Joomla install, so a higher level of security is desirable.
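
The setup discussed in this thread, as an added example that is not part of any of the original posts: one limited MySQL account for the whole website instead of root, per-customer accounts for the multi-tenant case, and two queries to check the result. The database names (`webapp`, `tenant_a`, `tenant_b`), account names, the `localhost` host and the passwords are placeholders and assumptions, not values from the thread.

```sql
-- Run once from an administrative session. The website itself never
-- connects with that administrative account again.
-- All names and passwords below are constructed placeholders.

-- 1. One application account for the whole site, usable only from the
--    web server ('localhost' assumes the site and MySQL share a host).
CREATE USER 'webapp_rw'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Row-level privileges only, on the site's own database only.
--    No DROP, ALTER, FILE, GRANT OPTION, and nothing ON *.* (global).
GRANT SELECT, INSERT, UPDATE, DELETE
  ON `webapp`.* TO 'webapp_rw'@'localhost';

-- 3. Multi-tenant hosting case: one account per customer, each scoped
--    to that customer's database so tenants cannot read each other's data.
--    Schema-changing privileges are included here because a hosted CMS
--    typically creates and alters its own tables during install/upgrade.
CREATE USER 'tenant_a'@'localhost' IDENTIFIED BY 'REPLACE_TENANT_A_PASSWORD';
CREATE USER 'tenant_b'@'localhost' IDENTIFIED BY 'REPLACE_TENANT_B_PASSWORD';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON `tenant_a`.* TO 'tenant_a'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON `tenant_b`.* TO 'tenant_b'@'localhost';

-- 4. Check what the application account can actually do.
--    Expect USAGE ON *.* plus the single GRANT on `webapp`.*.
SHOW GRANTS FOR 'webapp_rw'@'localhost';

-- 5. Audit: every account holding a global privilege. After the steps
--    above, only administrative accounts should appear in this list.
SELECT grantee, privilege_type, is_grantable
  FROM information_schema.user_privileges
 WHERE privilege_type <> 'USAGE'
 ORDER BY grantee, privilege_type;

-- 6. Audit: which account can touch which database.
SELECT grantee, table_schema, privilege_type
  FROM information_schema.schema_privileges
 ORDER BY grantee, table_schema, privilege_type;
```

The file pulled in with `require` then holds the `webapp_rw` credentials rather than root's, so a leak of that file or a flaw in the site exposes one database instead of the whole server.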

Re: Connecting safely with a MySQL database?

Posted: Sun Sep 05, 2010 12:34 pm
by t45418
:D That's great! Thanks! 8)