mysql security

[frankieJr]

hey all ..im making a website using php and mysql for the database ..... i was doin okay but i got confused ( btw this is my first website )i'm gonna use the database to store information about the users and they might view some of the information there and change stuff like each user can change his/her own pass , okay im doing all of that by checking the user in php code and have the new pass ( for example ) stored in a variable then change the data on the database .... my questions is do i have to give access to mysql ( to the database ) to users and give them privileges ?!?!? or is it possible to only view data from database by the php code itself ? so no one need to access the database but the server ?and i have read at php.net that Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges. !!!!!!!!!!!!!!! i'm really confused and dont know wat exactly to ask , so i need some help ..thx

[jesh]

You typically create one user so that your webserver can connect to the database. You don't need to create a separate database user for each user of your website. You only need the one user for the webserver.

[frankieJr]

gr8 .. thx .and how about i should give little privileges to that user ?!?!?

[jesh]

Check out the documentation.Security: http://dev.mysql.com/doc/refman/5.0/en/security.htmlPrivilege System: http://dev.mysql.com/doc/refman/5.0/en/privilege-system.htmlUser Account Management: http://dev.mysql.com/doc/refman/5.0/en/use...management.html