Re: about privileges
A webapp needs to authenticate itself as a database user, in PHP, via a mysqli_connect() call, and it needs to authenticate its users.
Conventionally, root has all privs, including the priv of granting privs. No webapp should have root privs.
The webapp needs its own mysql.user entry, with no more than the privs the app requires; eg it shouldn't have the drop database priv.
If there are different classes of webapp users---eg readers, writers, admins---then each of those classes needs one mysql.user row defining its max privs.
Individual webapp users should be documented by a separate mechanism, minimally a user table in the webapp-specific database, more sophisticatedly a set of role-based-access tables which map individual user privilege sets to defined roles, and map those roles in turn to specific mysql.user rows.
July 29, 2015 11:00AM
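The layout described in the post above, sketched as MySQL statements (an added example, not part of the original post). All database, table and account names and the passwords are placeholders, and the separate `webapp_login` lookup account is one assumed way to realise the webapp's own mysql.user entry.

```sql
-- All names (webapp, article, webapp_*) and passwords are placeholders.
CREATE DATABASE IF NOT EXISTS webapp;
USE webapp;

-- Roles map a class of webapp user to the MySQL account the app connects as.
CREATE TABLE app_role (
  role_id    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  role_name  VARCHAR(32)  NOT NULL UNIQUE,
  db_account VARCHAR(32)  NOT NULL      -- user part of a mysql.user row
);
-- Individual webapp users live here, not in mysql.user.
CREATE TABLE app_user (
  user_id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  login         VARCHAR(64)  NOT NULL UNIQUE,
  password_hash VARCHAR(255) NOT NULL,  -- e.g. output of PHP password_hash()
  role_id       INT UNSIGNED NOT NULL,
  FOREIGN KEY (role_id) REFERENCES app_role (role_id)
);
-- Stand-in for the application's own data.
CREATE TABLE article (
  article_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  title      VARCHAR(200) NOT NULL,
  body       TEXT NOT NULL
);

-- The app's own account: it only looks up a login and its role.
CREATE USER 'webapp_login'@'localhost'  IDENTIFIED BY 'CHANGE_ME_1';
-- One account per class, each capped at what that class may do.
CREATE USER 'webapp_reader'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
CREATE USER 'webapp_writer'@'localhost' IDENTIFIED BY 'CHANGE_ME_3';
CREATE USER 'webapp_admin'@'localhost'  IDENTIFIED BY 'CHANGE_ME_4';

GRANT SELECT ON webapp.app_user TO 'webapp_login'@'localhost';
GRANT SELECT ON webapp.app_role TO 'webapp_login'@'localhost';
GRANT SELECT                         ON webapp.article  TO 'webapp_reader'@'localhost';
GRANT SELECT, INSERT, UPDATE         ON webapp.article  TO 'webapp_writer'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON webapp.article  TO 'webapp_admin'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON webapp.app_user TO 'webapp_admin'@'localhost';
-- No account receives DROP, GRANT OPTION, or any *.* (global) privilege.

INSERT INTO app_role (role_name, db_account) VALUES
  ('reader', 'webapp_reader'), ('writer', 'webapp_writer'), ('admin', 'webapp_admin');

-- At login (connected as webapp_login): fetch the hash and the class account.
SET @login = 'alice';  -- constructed sample value
SELECT u.password_hash, r.db_account
FROM app_user AS u JOIN app_role AS r ON r.role_id = u.role_id
WHERE u.login = @login;

-- Audit the ceiling of any class account.
SHOW GRANTS FOR 'webapp_writer'@'localhost';
```

Because the class accounts hold grants only on `article`, a reader or writer connection cannot read `password_hash` from `app_user`.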