Jump to content

Is It Ok To Give Out Database Information?


Recommended Posts

Hi, Quick question ...I've got someone asking me to create a database on my servers MySQL and they are asking for login information, ie: host, database name, database username and database password.Is this information safe to give out? Not recommended? Can they ever in future access my MySQL and delete / manipulate databases that I have there already? Let me know, thanks. R.

Link to post
Share on other sites

It sounds like they need to make their application connect to your database. One way is to hardcode the username and password into the code: mysql_connect("server","username","password")But the other way is to have an installer file that asks you for that data the first time you run it and then uses it later on. See if you can get the developer to do that. It's not really safe to give that information away.

Link to post
Share on other sites

User accounts in MySQL are not per-database: you can create a user account and associate it with as many databases on the system as you like, and also specify more granular permissions (e.g. whether they can CREATE TABLEs). Thus, if you want to give the user unrestricted access to a single database or set of databases, it is possible, and bar someone modifying their permissions in the future they will not be able to access databases they don't have permission to.

Link to post
Share on other sites

Well, it's up to you then, but yes, it would probably be perfectly feasible, and safer, to just install the stuff yourself.

Link to post
Share on other sites

If they have filesystem access, then that is true. I don't know what sort of contract you have with the client, but if they have free reign over their part of the server then the best you can do is create a new MySQL user account with access only to the database they will use for Wordpress - that should be secure enough.

Link to post
Share on other sites

If you are just providing host, database name, database username and database password so they can setup access to specific database, what's the problem? they don't have login information to customer login through your host login page, to access any of the other databases, or anything else! its that specific database only. If they require access to a folder on the server, you just provide ftp account to access that folder only, so they can upload wordpress, they would only have login information to access the wordpress site, which would only give details of that specific database, and tables within it only, nothing else.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...