0

Hi,
If i want to create a user in MySQL only to allow the Php program file to access the database and show results in my website what priviliges should i give to the user. So that access to my database is never compromised if someone can get the password that i have to give in the Php file for the user created. Should I limit the privilege to 'SELECT' or need to add some more.

Thankyou for stopping by and answering ...(in advance)

3
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by David2012
0

Well, it depends on what your PHP code does. If you only use SELECT, then why add other priviliges? If your code also updates and/or deletes, then you need to add them too. Protecting from abuse in that case would be harder, but can be solved by logging.

0

To increase safety, you should also
- restrict user access to the database to the IP address of your webserver, so that no intruders from outside can read the database;
- store the access data (username, database name, password) in a separate file with a name beginning with a dot (like ".access.inc.php"), so that this file won't be served by your webserver even if PHP is deactivated.

0

Thankyou very much. Yes my PHP is only using SELECT. So gues i just need to give SELECT privelege for that username.

Smantscheff-
Well, i never knew we could use a . (dot) in a filename!! But i will do henceforwrd...thanks. And guess u are hinting that i should use PDO..php data object, and keep a seperate file for connecting the database...right. That's a good standard.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.