What's best way to do? - MySQL

  1. #1

    What's best way to do?

    Hi,

    I wrote a web application with a MySQL database. In the PHP code, I use user
    'root' in the mysql_connect command.

    The user of the application is limited to the application and cannot delete
    or alter a table, only update, delete and insert the tables.

    Is it a good practice to do so, or is it better to define an "anonymous" user
    with limited rights?
    Thanks
    Pat


    Pat Guest

  2. #2

    Re: What's best way to do?

    Hi,

    Best practice would be to create one (or if it's suitable for your
    application, more) user(s) whose permissions are tailored to the specific
    needs of this application. I would avoid creating anonymous users; there
    are rarely good reasons for that ;-).

    Markus



    Markus Popp Guest

  3. #3

    Re: What's best way to do?

    > i wrote a webapplication with mysql database. In the PHP code, i use user
    > 'root' in the mysql_connect command.
    >
    > The user of the application is limited to the application and cannot delete
    > or alter a table, only update, delete and insert the tables.
    >
    > Is it a good practise to do so, or is it better to define a "anonymous" user
    > with limited rights?
    As Markus said, it is better to create a limited "web" user. If a hacker
    somehow gets the account data, he cannot do more than the web user could
    do via the page. If you really want to limit the database access and if
    your database supports stored procedures, you could define a stored
    procedure for every allowed action on the database and grant only
    execute rights to the web user.

    Best regards
    Dikkie Dik Guest
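
The two approaches suggested in this thread, a limited "web" account and execute-only stored procedures, as an added MySQL example that is not from any of the posters. The database, table, account and procedure names and the password placeholders are assumptions.

```sql
-- Added example: all names and password placeholders below are hypothetical.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.orders (
    id          INT AUTO_INCREMENT PRIMARY KEY,
    customer_id INT NOT NULL,
    item        VARCHAR(100) NOT NULL
);

-- Approach 1: a dedicated account limited to row operations in one schema.
-- It gets no CREATE, ALTER, DROP, FILE or GRANT OPTION, so stolen credentials
-- cannot change the schema or reach other databases.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'webapp'@'localhost';

-- Approach 2: an execute-only account. The procedure runs with the
-- privileges of its definer, so the definer is a locked, narrowly scoped
-- account rather than root (ACCOUNT LOCK needs MySQL 5.7.6 or later).
CREATE USER 'shop_owner'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD' ACCOUNT LOCK;
GRANT INSERT ON shop.orders TO 'shop_owner'@'localhost';

-- Run as an administrator: naming another account as DEFINER requires
-- SUPER (or SET_USER_ID on MySQL 8.0).
CREATE DEFINER = 'shop_owner'@'localhost' PROCEDURE shop.add_order(
    IN p_customer_id INT,
    IN p_item        VARCHAR(100)
)
SQL SECURITY DEFINER
INSERT INTO shop.orders (customer_id, item) VALUES (p_customer_id, p_item);

CREATE USER 'webapp_sp'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT EXECUTE ON PROCEDURE shop.add_order TO 'webapp_sp'@'localhost';

-- Verify what each account can actually do.
SHOW GRANTS FOR 'webapp'@'localhost';
SHOW GRANTS FOR 'webapp_sp'@'localhost';

-- As webapp_sp: CALL shop.add_order(42, 'widget') succeeds, while a direct
-- SELECT, INSERT or DROP on shop.orders is denied.
```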

  4. #4

    Re: What's best way to do?

    Thanks

    "Dikkie Dik" <"' OR 1=1 LIMIT 1-- haha"haha.com> wrote in message
    news:dpp7pb$67m$1news.cistron.nl...
    >> i wrote a webapplication with mysql database. In the PHP code, i use user
    >> 'root' in the mysql_connect command.
    >>
    >> The user of the application is limited to the application and cannot
    >> delete or alter a table, only update, delete and insert the tables.
    >>
    >> Is it a good practise to do so, or is it better to define a "anonymous"
    >> user with limited rights?
    >
    > As Markus said, it is better to create a limited "web" user. If a hacker
    > somehow gets the account data, he cannot do more than the web user could
    > do via the page. If you really want to limit the database access and if
    > your database supports stored procedures, you could define a stored
    > procedure for every allowed action on the database and grant only execute
    > rights to the web user.
    >
    > Best regards

    Pat Guest

  5. #5

    Re: What's best way to do?

    Thanks

    "Markus Popp" <mfpgmx.li> wrote in message
    news:43bfe7c8$0$23225$91cee783newsreader02.highway.telekom.at...
    > Hi,
    >
    > best practise would be to create one (or if it's suitable for your
    > application, more) user(s) whose permissions are tailored to the specific
    > needs for this applications. I would avoid creating anonymous users, there
    > are rarely good reasons for that ;-).
    >
    > Markus
    >
    >
    >

    Pat Guest
