If I want to create a user in MySQL only to allow the PHP program file to access the database and show results in my website, what privileges should I give to the user, so that access to my database is never compromised if someone can get the password that I have to give in the PHP file for the user created? Should I limit the privilege to 'SELECT' or need to add some more?
Thank you for stopping by and answering ... (in advance)
Well, it depends on what your PHP code does. If you only use SELECT, then why add other privileges? If your code also updates and/or deletes, then you need to add them too. Protecting from abuse in that case would be harder, but can be solved by logging.
To increase safety, you should also
- restrict user access to the database to the IP address of your webserver, so that no intruders from outside can read the database;
- store the access data (username, database name, password) in a separate file with a name beginning with a dot (like ".access.inc.php"), so that this file won't be served by your webserver even if PHP is deactivated.
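The privilege and host restrictions from the answer above, written out as MySQL statements. This is an added example, not part of the original posts; the database name `sitedb`, the account name `web_ro`, the address 203.0.113.10 and the password are placeholders chosen for illustration.

```sql
-- Added example. All names and values below are assumptions:
--   database `sitedb`, account `web_ro`, web server at 203.0.113.10.
-- If the web server and MySQL run on the same machine, use 'localhost'
-- as the host part instead of an IP address.

-- What to avoid: an account valid from any host with every privilege.
-- GRANT ALL PRIVILEGES ON *.* TO 'web_ro'@'%';

-- Create the account so it is accepted only from the web server's address.
CREATE USER 'web_ro'@'203.0.113.10'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- Read-only access to the single database the site displays.
GRANT SELECT ON sitedb.* TO 'web_ro'@'203.0.113.10';

-- Narrower alternative: grant per table instead of the whole database
-- (`articles` is a hypothetical table name).
-- GRANT SELECT ON sitedb.articles TO 'web_ro'@'203.0.113.10';

-- Check what the account can actually do.
SHOW GRANTS FOR 'web_ro'@'203.0.113.10';

-- Check that no second entry for the same account name exists
-- with a wider host pattern such as '%'.
SELECT user, host FROM mysql.user WHERE user = 'web_ro';
```

With these grants, a leaked password lets someone read `sitedb` from the web server's address only; it cannot be used to modify or delete data, or to connect from another host.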
Thank you very much. Yes, my PHP is only using SELECT. So I guess I just need to give the SELECT privilege for that username.
Well, I never knew we could use a . (dot) in a filename!! But I will do so henceforward... thanks. And I guess you are hinting that I should use PDO (PHP data object), and keep a separate file for connecting to the database... right? That's a good standard.