reflex84 Posted September 15, 2011

Hi, Quick question ... I've got someone asking me to create a database on my servers MySQL and they are asking for login information, i.e. host, database name, database username and database password. Is this information safe to give out? Not recommended? Can they ever in future access my MySQL and delete / manipulate databases that I have there already? Let me know, thanks. R.

Ingolme Posted September 15, 2011

It sounds like they need to make their application connect to your database. One way is to hardcode the username and password into the code:

mysql_connect("server","username","password")

But the other way is to have an installer file that asks you for that data the first time you run it and then uses it later on. See if you can get the developer to do that. It's not really safe to give that information away.

Synook Posted September 15, 2011

User accounts in MySQL are not per-database: you can create a user account and associate it with as many databases on the system as you like, and also specify more granular permissions (e.g. whether they can CREATE TABLEs). Thus, if you want to give the user unrestricted access to a single database or set of databases, it is possible, and bar someone modifying their permissions in the future they will not be able to access databases they don't have permission to.

reflex84 Posted September 15, 2011 (Author)

Hi Guys, thanks for your input ... they say they need it to install WordPress, that's why they need that database information. Shouldn't I just install it and then give them the login password to their WordPress control panel?

Synook Posted September 15, 2011

Are they a client renting your servers, or just like a friend?

reflex84 Posted September 15, 2011 (Author)

It's a client who is hosting his website (not a WordPress site) with me, and it's another company, who my client bought a WordPress plugin from, who wants my MySQL details....

Synook Posted September 15, 2011

Well, it's up to you then, but yes, it would probably be perfectly feasible, and safer, to just install the stuff yourself.

reflex84 Posted September 15, 2011 (Author)

Hi, When saying that I can't give out database login details and that I should install WordPress instead - I get this reply: "if you're going to install WordPress for me... I'll be able to see the login details in the wp-config.php file anyways"

Synook Posted September 15, 2011

If they have filesystem access, then that is true. I don't know what sort of contract you have with the client, but if they have free rein over their part of the server then the best you can do is create a new MySQL user account with access only to the database they will use for WordPress - that should be secure enough.

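Added example, not part of the thread or written by any of its posters: the single-database account suggested above, written as MySQL statements with the over-broad grant shown for contrast. The database name, account name and password are constructed placeholders, and the privilege list assumes a standard WordPress install running on the same host as MySQL.

```sql
-- Added example. clientwp, wp_plugin_user and the password are constructed placeholders.

-- Too broad: a global grant lets the account read, alter or drop
-- every database on the server, and hand those rights to others.
-- GRANT ALL PRIVILEGES ON *.* TO 'wp_plugin_user'@'%' WITH GRANT OPTION;

-- Scoped: one database, one dedicated account.
-- The name avoids _ and %, which act as wildcards in database-level
-- GRANT statements unless escaped with a backslash.
CREATE DATABASE clientwp;

-- 'localhost' restricts logins to connections from the server itself
-- (assumption: WordPress runs on the same machine as MySQL).
CREATE USER 'wp_plugin_user'@'localhost'
    IDENTIFIED BY 'REPLACE-WITH-GENERATED-PASSWORD';

-- Database-level privileges only. No GRANT OPTION, no FILE, no SUPER,
-- so the account cannot pass rights on or reach outside clientwp.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON clientwp.* TO 'wp_plugin_user'@'localhost';

-- Check 1: expect "GRANT USAGE ON *.*" plus the single clientwp grant.
SHOW GRANTS FOR 'wp_plugin_user'@'localhost';

-- Check 2: the account should be listed against clientwp and nothing else.
SELECT Db, Host, User
  FROM mysql.db
 WHERE User = 'wp_plugin_user';

-- Check 3: the only global privilege should be USAGE (i.e. none).
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = "'wp_plugin_user'@'localhost'";

-- When the third party's work is finished, remove the account
-- or change its password and update wp-config.php:
-- DROP USER 'wp_plugin_user'@'localhost';
```

Anyone with filesystem access to wp-config.php can read this account's password, so the scope of the grant, not the secrecy of the credentials, is what protects the other databases on the server.
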
dsonesuk Posted September 15, 2011

If you are just providing host, database name, database username and database password so they can set up access to a specific database, what's the problem? They don't have login information to customer login through your host login page, to access any of the other databases, or anything else! It's that specific database only. If they require access to a folder on the server, you just provide an FTP account to access that folder only, so they can upload WordPress. They would only have login information to access the WordPress site, which would only give details of that specific database, and tables within it only, nothing else.

justsomeguy Posted September 15, 2011

It sounds a little weird that you're hosting sites for people and you don't know whether or not it's a good idea to give out login information or how to isolate users. Are you sure you want to be in the hosting business?