Page 1 of 1

Setting up a new user without compromising security

Posted: Fri Sep 13, 2002 7:31 am
by Stille
Hi

I'm pretty new at MySQL, so I have a question about setting up a new user. Currently, I'm working on a Guestbook, which will have an Admin section to set up the lay out of the book (and delete unwanted messages). In my opinion, I will need two new users (apart from the root user, which I must only use to set up the new accounts):

1. Admin, a user as described above.
2. Webvisitor, a user with only INSERT privileges, to use online so one can enter a new message in the guestbook.

But here's the thing: I'm not sure how to set up these users so I can also connect to the database with them. For instance, if I want to set up the Webvisitor account, I'll do the following:

GRANT INSERT ON tables.* TO webvisitor IDENTIFIED BY 'webpassword';

However, this will not allow me to connect to the database, either via PHP or via the MySQL program:

$mysql=mysql_connect(localhost,webvisitor,webpassword);
or
mysql -u webvisitor

I still need to use "root" to do this. Does anyone know how I can solve this? The following page lists the GRANT possibilities, but none of them seem to fit the purpose:

http://www.mysql.com/doc/en/GRANT.html

Thanks!
Stille

You forgot something.

Posted: Sat Sep 14, 2002 1:49 pm
by EricS
You forgot the host part of your grant statement.

GRANT INSERT ON tables.* TO webvisitor@localhost IDENTIFIED BY 'webpassword';

for some reason when you only give the user name, like you did, it will allow all host EXCEPT localhost. Which just happens to be the host your trying to use.

That should fix your problem.

Posted: Sat Sep 14, 2002 6:31 pm
by Stille
Thanks for the info. The problem was actually due to some bad coding on my part. I mistakingly granted privileges to a user with his encrypted password (using the PHP function crypt() ), but then tried to connect with the uncrypted one. I know, I'm an idiot...

I'll add the host to be sure, though :)