I'm developing a MySQL database driven, PHP web application that will be used by the general public and I'm starting to get a bit paranoid about database security.
While creating the site I was using a single, full privileges database user to connect on each page that required it. I'm now thinking it would be safer to use different database users, with different privileges, for each separate page of the site. For example: On the login page, I create a database user that can only SELECT data from the MEMBERS table.
The idea being that if someone manages to discover the username and password of the DB connection on the login page, and somehow managed to run a query with it, they can't do much harm as they can only SELECT a limited amount of data.
Do you think this is a good idea and if so, how far should I take it? Would a single user with privileges to perform all the required tasks on entire site be okay or should I have a different user on each page?
Any thoughts or suggestions would be gratefully received.