Lykos22 Posted October 27, 2012 Share Posted October 27, 2012 Hi i'd like to ask a question about adding a user from phpmyadmin > privileges, cause i haven't totaly cleared this in my mind.Could you tell me in which exactly cases should i do this? is it something i should always do? I've seen many people do this.Personaly what i 'm used to doing is, if for example i have a membership site, with administrator(s), moderators and simple users, i have a table in my database named users and in this i have a collumn named admin, which is 0 for simple users, 2 for moderators and 1 for administrator etc etc.Is this (my way) the same to the one i'm refering to, or not? Link to comment Share on other sites More sharing options...
birbal Posted October 27, 2012 Share Posted October 27, 2012 (edited) mysql user has privilages to do some certain action you will set. 'root' user has all privilages. when you use third party mysql database you are not login using root privilage. they set up you as user with lesser privilages. what happened is when your user uses your application they mainly query your database most and insert/update or delete. your user barely needs to alter table,drop table,creating triggers or stored procedure or droping database. so you set up a less privilaged user of mysql to do that interaction for your user, it reduces chances of having mischief with your database by mallicious user (they cant have access anyway to do sensitive action if they manage to get acceess to your database. some people set up different privilage for same application. like ordinary user should not have delete anything so you gave permission to them only select,update,insert. and give delete permission connection to mods or admin. basic rule of security in programming is giving as minimum permission possible to do certain job. this is role based authentication for mysql, when you set up database for role based privilage like setting flags, you are creating your role based permission system for your application not for your mysql. Edited October 27, 2012 by birbal Link to comment Share on other sites More sharing options...
Lykos22 Posted October 27, 2012 Author Share Posted October 27, 2012 Thanks for the reply. Ok so if i understand it right from phpmyadmin i add a user to manage the database form the backend, as adeveloper for example, and thats all. The administrator of the (membership) site has nothing to do with that. Or for example in a personal site i set a root user for managing the db and a mysql user(admin) for editing content etc etc, right? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now