Hi,
While I was reading the PHP manual on database security yesterday, it said that you should never connect to the database as the superuser but rather as another user with more limited options. My question is: how do you create new users and set access levels for them in MySQL?
Secondly, if a website does not offer phpMyAdmin, how can I use a database I created in phpMyAdmin on my PC for that website?
Thanks a lot.

In the mysql database
table user:
localhost myuser mypassword N N N N N N N N N N N N N N
table db:
localhost mydb myuser Y Y Y Y N N N N N N
This means the user myuser can only connect from localhost and can only select, update, delete and insert on the database mydb.

Your host should set any user up with the proper permissions and you shouldn't have to worry about it.
You can also download phpMyAdmin and install it on your host to work with MySQL.

To copy that database, you could write up a little script...
First dump with your phpMyAdmin to, let's say, dump.sql
then
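<?php
// Connect and select the database (mysqli replaces the removed mysql_* functions)
$db = mysqli_connect('host', 'user', 'pass', 'db');
if (!$db) {
    die('Connection failed: ' . mysqli_connect_error());
}
// Read the dump and split it on ';' (naive: breaks if the data itself contains ';')
$allquery = implode('', file('dump.sql'));
$allquery = explode(';', $allquery);
foreach ($allquery as $query) {
    if (trim($query) === '') continue; // skip empty pieces, e.g. after the last ';'
    if (!mysqli_query($db, $query)) {
        echo 'Query failed: ' . mysqli_error($db) . "\n";
    }
}
?>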
(I did not test it)

But if they can run PHP on the server, why can't they install phpMyAdmin and make life so much easier?

I believe that with your username and password for MySQL, you can just install phpMyAdmin in your public_html directory somewhere. Password protect it though. It should only show your database(s).

Pretty hard finding a good reason...
Maybe some of these:
- Why install phpMyAdmin when you will use it only one time to set up the database?
- Is phpMyAdmin 100% secure? I don't know about that.
Should we install it on a production server or only connect by SSH and do some MySQL on the command line?
- Hardcore coders that don't need those fancy tools.
- Limited space on the server (is there any 5 MB host anymore??)
But hey! I use phpMyAdmin.
I just think that we can still "live" without it!

I think it's definitely a great tool. It is also widely available through control panel distributions such as cPanel.
As far as security goes, it's just as secure as any script you write to modify, delete, or add MySQL data with. Of course, a .htaccess with a password file will be needed to restrict access.
I love it for a lot of reasons. Most importantly, the ease of use on my Windows laptop when I'm doing dev on the road etc. I can look up things easily, and create DBs on the fly without closing my browser.
Of course, on my servers, I still use the command line.

Well, if a person doesn't have access to the command line to add a table or alter a column, phpMyAdmin comes in real handy.
It is just as secure as MySQL is. If a person gets the password/username for MySQL, then why would they care if they have it for phpMyAdmin? It uses the same one. It is cookie, config, or htaccess protected, so I see no harm.
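
As an added example (not part of any post in this thread), the grant-table rows quoted in the first reply can be produced with account-management statements instead of editing the mysql tables by hand. The names myuser, mydb and localhost are the thread's sample values; the password is a placeholder, and the final audit query is an extra check not mentioned in the thread.

```sql
-- Run these as an administrative account, once, from the mysql client.

-- 1. Create the limited account. It may only connect from localhost,
--    matching the Host column in the thread's user-table row.
CREATE USER 'myuser'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';  -- placeholder value

-- 2. Grant only the four data privileges, and only on mydb.
--    This fills the first four Y columns of the row in mysql.db and
--    leaves every global privilege in mysql.user at N.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON mydb.* TO 'myuser'@'localhost';

-- 3. Confirm what the account can do.
SHOW GRANTS FOR 'myuser'@'localhost';

-- 4. Inspect the same grant tables the reply quoted.
--    Global privileges: every *_priv column should read N.
SELECT Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv, Grant_priv, Super_priv
FROM mysql.user
WHERE User = 'myuser';

--    Per-database privileges: Y for the four data privileges, N for the rest.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv, Alter_priv
FROM mysql.db
WHERE User = 'myuser';

-- 5. Tighten further if the application never deletes rows.
REVOKE DELETE ON mydb.* FROM 'myuser'@'localhost';

-- 6. Audit: list accounts that can connect from any host or that hold
--    administrative global privileges, so the application is not
--    accidentally configured with one of them.
SELECT User, Host, Super_priv, Grant_priv
FROM mysql.user
WHERE Host = '%' OR Super_priv = 'Y' OR Grant_priv = 'Y';
```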