Setting up a new user without compromising security

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Stille
Forum Newbie
Posts: 2
Joined: Fri Sep 13, 2002 7:31 am
Location: Belgium

Setting up a new user without compromising security

Post by Stille »

Hi

I'm pretty new at MySQL, so I have a question about setting up a new user. Currently, I'm working on a Guestbook, which will have an Admin section to set up the lay out of the book (and delete unwanted messages). In my opinion, I will need two new users (apart from the root user, which I must only use to set up the new accounts):

1. Admin, a user as described above.
2. Webvisitor, a user with only INSERT privileges, to use online so one can enter a new message in the guestbook.

But here's the thing: I'm not sure how to set up these users so I can also connect to the database with them. For instance, if I want to set up the Webvisitor account, I'll do the following:

GRANT INSERT ON tables.* TO webvisitor IDENTIFIED BY 'webpassword';

However, this will not allow me to connect to the database, either via PHP or via the MySQL program:

$mysql=mysql_connect(localhost,webvisitor,webpassword);
or
mysql -u webvisitor

I still need to use "root" to do this. Does anyone know how I can solve this? The following page lists the GRANT possibilities, but none of them seem to fit the purpose:

http://www.mysql.com/doc/en/GRANT.html

Thanks!
Stille
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

You forgot something.

Post by EricS »

You forgot the host part of your grant statement.

GRANT INSERT ON tables.* TO webvisitor@localhost IDENTIFIED BY 'webpassword';

for some reason when you only give the user name, like you did, it will allow all host EXCEPT localhost. Which just happens to be the host your trying to use.

That should fix your problem.
Stille
Forum Newbie
Posts: 2
Joined: Fri Sep 13, 2002 7:31 am
Location: Belgium

Post by Stille »

Thanks for the info. The problem was actually due to some bad coding on my part. I mistakingly granted privileges to a user with his encrypted password (using the PHP function crypt() ), but then tried to connect with the uncrypted one. I know, I'm an idiot...

I'll add the host to be sure, though :)
Post Reply