ARCHIVED: Legacy MySQL for Webserve privileges

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
Note:
The Legacy MySQL for Webserve environment has been discontinued for most users, and will be completely retired July 31, 2018. If you have a Legacy MySQL account, you should migrate your service to the New MySQL for Webserve environment before that date. For more, see ARCHIVED: Migrate from Legacy to MySQL for Webserve service.
Important:
The Webserve and Webtest servers use PHP 7.1; PHP 5.6 has been retired and is no longer available. For more about PHP at IU, see PHP server-side scripting language.

You should not use the root MySQL username when making a connection from your web application, since this allows the application to do anything to any of your databases, even delete them entirely. Instead, create other MySQL users with reduced privileges granted to them, as shown:

  mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON firstdb.* TO firstuser@'129.79.78.%' IDENTIFIED BY 'passwd';

In the above example, the GRANT statement specifies that the user is only allowed to run a limited set of statements on the MySQL server. This user will be allowed to select, insert, update, and delete records. This user is not allowed to create or drop tables. More importantly, this user is not permitted to create users or set privileges.

You could further reduce a user's privileges by removing other items from the GRANT statement. The best policy is to grant users permission to access only the functions that are necessary to perform their tasks.

The database access privileges that MySQL supports are shown below. For a comprehensive list of options, see Privileges Provided by MySQL in the MySQL 5 Reference Manual.

  Privilege   Operations allowed by privilege
  ---------   -------------------------------
  ALTER       Modify tables with ALTER TABLE
  CREATE      Make new database, table, or index
  DELETE      Remove rows from tables
  DROP        Remove databases or tables
  INDEX       Create or remove indexes for tables
  INSERT      Add rows to tables
  SELECT      Select records from tables
  UPDATE      Modify records in tables
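
To check existing accounts against the least-privilege policy above, the following Python script (an added example, not part of the original Knowledge Base document) parses GRANT statements in the one-per-line form printed by SHOW GRANTS and reports anything beyond the four data privileges used in the example. The names audit_grant, audit and DATA_PRIVS, the any-host check, and the sample accounts webapp and appdb are assumptions made for illustration; column-level grants are not handled.

```python
import re

# Privileges the page's example grants to a web application account.
DATA_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# One statement per line, in the form printed by SHOW GRANTS.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'?(?P<user>[^'@\s]+)'?@'?(?P<host>[^'\s]+)'?(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line):
    """Return least-privilege findings for one GRANT statement."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return ["unparsed statement"]
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    privs.discard("USAGE")  # USAGE grants no privileges at all
    findings = []
    if privs & {"ALL", "ALL PRIVILEGES"}:
        findings.append("ALL PRIVILEGES granted")
    elif privs - DATA_PRIVS:
        findings.append("beyond data access: " + ", ".join(sorted(privs - DATA_PRIVS)))
    if privs and m.group("scope").replace("`", "") == "*.*":
        findings.append("applies to every database (*.*)")
    if m.group("host") == "%":
        findings.append("account may connect from any host")
    if "WITH GRANT OPTION" in m.group("rest").upper():
        findings.append("can pass privileges to other users")
    return findings

# Constructed sample input (hypothetical accounts, not from a real server).
SAMPLE = [
    "GRANT USAGE ON *.* TO 'firstuser'@'129.79.78.%'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `firstdb`.* TO 'firstuser'@'129.79.78.%'",
    "GRANT SELECT, INSERT, UPDATE, DELETE, DROP, ALTER ON `appdb`.* TO 'webapp'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]

def audit(lines):
    """Map each statement that has findings to its list of findings."""
    return {l: f for l in lines if (f := audit_grant(l))}

if __name__ == "__main__":
    for stmt, found in audit(SAMPLE).items():
        print(stmt)
        for item in found:
            print("  -", item)
```
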

This is document bfok in the Knowledge Base.
Last modified on 2021-09-08 10:18:35.