Legacy MySQL for Webserve privileges

Note:
Support for the Legacy MySQL for Webserve environment is ending May 31, 2018. If you have a Legacy MySQL account, you should migrate your service to the New MySQL for Webserve environment before that date. For more, see Migrate from Legacy to New MySQL for Webserve service.
Important:
On Webserve, the default version of PHP is 7.1; however, PHP 5.6 will still be available until it is retired at the end of December 2018. Webtest servers are already using PHP 7.1. For help specifying which version of PHP to use, see PHP server-side scripting language.

You should not use the root mysql username when making a connection from your web application, since this allows the application to do anything to any of your databases, even delete them entirely. Instead, create other mysql users with reduced privileges granted to them, as shown:

  mysql> GRANT select,insert,update,delete on firstdb.* to firstuser@'129.79.78.%' identified by 'passwd';

In the above example, the GRANT statement specifies that the user is only allowed to run a limited amount of statements on the MySQL server. This user will be allowed to select, insert, update, and delete records. This user is not allowed to create or drop tables. More importantly, this user is not permitted to create users and set privileges.

You could further reduce a user's privileges by removing other items from the GRANT statement. The best policy is to grant users permission to access only the functions that are necessary to perform their tasks.

The database access privileges that MySQL supports are shown below. For a comprehensive list of options, see Privileges Provided by MySQL in the MySQL 5 Reference Manual.

Privilege Operations allowed by privilege
ALTER Modify tables with ALTER TABLE
CREATE Make new database, table, or index
DELETE Remove rows from tables
DROP Remove databases or tables
INDEX Create or remove indexes for tables
INSERT Add rows to tables
SELECT Select records from tables
UPDATE Modify records in tables

This is document bfok in the Knowledge Base.
Last modified on 2018-04-11 08:21:19.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.