ARCHIVED: Legacy MySQL for Webserve privileges
You should not use the root MySQL username when making a connection from your web application, since this allows the application to do anything to any of your databases, even delete them entirely. Instead, create other MySQL users with reduced privileges granted to them, as shown:
mysql> GRANT select,insert,update,delete on firstdb.* to firstuser@'129.79.78.%' identified by 'passwd';
In the above example, the GRANT statement specifies that the user is allowed to run only a limited set of statements on the MySQL server. This user will be allowed to select, insert, update, and delete records in firstdb. This user is not allowed to create or drop tables. More importantly, this user is not permitted to create users and set privileges.
You could further reduce a user's privileges by removing other items from the GRANT statement. The best policy is to grant users permission to access only the functions that are necessary to perform their tasks.
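To check that a web application's account really holds no more than the privileges granted above, you can review the output of SHOW GRANTS for that account. The following is an added example, not part of the original Knowledge Base document: it assumes the lines come from SHOW GRANTS, and the function name `audit_grant`, the account `seconduser`, and the sample lines are constructed for illustration.

```python
import re

# Privileges the page's example GRANT gives a web-application account.
ALLOWED = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# One line of SHOW GRANTS output, quoted with either ' or ` (both appear
# across MySQL versions).
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line):
    """Return the findings for one SHOW GRANTS line; empty list means OK."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return ["unparsed grant line, review by hand"]
    # Column-level grants such as SELECT (a, b) split oddly here and are
    # reported as extra privileges, which errs on the side of review.
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    findings = []
    if m.group("user").lower() == "root":
        findings.append("account is root")
    if privs != {"USAGE"}:  # USAGE alone means "no privileges"
        extra = privs - ALLOWED
        if extra:
            findings.append("extra privileges: " + ", ".join(sorted(extra)))
        if m.group("scope") == "*.*":
            findings.append("granted on every database (*.*)")
    if "WITH GRANT OPTION" in m.group("rest").upper():
        findings.append("can pass privileges to other users")
    return findings

# Constructed sample output, not taken from a real server.
SAMPLE = [
    "GRANT USAGE ON *.* TO 'firstuser'@'129.79.78.%'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `firstdb`.* TO 'firstuser'@'129.79.78.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, DROP ON `firstdb`.* TO 'seconduser'@'129.79.78.%'",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit_grant(line) or ["ok"], "<-", line)
```

Adjust `ALLOWED` to the smallest set each application needs; a read-only application, for example, would keep only SELECT.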
The database access privileges that MySQL supports are shown below. For a comprehensive list of options, see Privileges Provided by MySQL in the MySQL 5 Reference Manual.
Privilege | Operations allowed by privilege |
---|---|
ALTER | Modify tables with ALTER TABLE |
CREATE | Make new database, table, or index |
DELETE | Remove rows from tables |
DROP | Remove databases or tables |
INDEX | Create or remove indexes for tables |
INSERT | Add rows to tables |
SELECT | Select records from tables |
UPDATE | Modify records in tables |
This is document bfok in the Knowledge Base.
Last modified on 2021-09-08 10:18:35.