Jump to content

Question: adding user/admin from phpmyadmin > privileges


Recommended Posts

Hi i'd like to ask a question about adding a user from phpmyadmin > privileges, cause i haven't totaly cleared this in my mind.Could you tell me in which exactly cases should i do this? is it something i should always do? I've seen many people do this.Personaly what i 'm used to doing is, if for example i have a membership site, with administrator(s), moderators and simple users, i have a table in my database named users and in this i have a collumn named admin, which is 0 for simple users, 2 for moderators and 1 for administrator etc etc.Is this (my way) the same to the one i'm refering to, or not?

Link to post
Share on other sites

mysql user has privilages to do some certain action you will set. 'root' user has all privilages. when you use third party mysql database you are not login using root privilage. they set up you as user with lesser privilages. what happened is when your user uses your application they mainly query your database most and insert/update or delete. your user barely needs to alter table,drop table,creating triggers or stored procedure or droping database. so you set up a less privilaged user of mysql to do that interaction for your user, it reduces chances of having mischief with your database by mallicious user (they cant have access anyway to do sensitive action if they manage to get acceess to your database. some people set up different privilage for same application. like ordinary user should not have delete anything so you gave permission to them only select,update,insert. and give delete permission connection to mods or admin. basic rule of security in programming is giving as minimum permission possible to do certain job. this is role based authentication for mysql, when you set up database for role based privilage like setting flags, you are creating your role based permission system for your application not for your mysql.

Edited by birbal
Link to post
Share on other sites

Thanks for the reply. Ok so if i understand it right from phpmyadmin i add a user to manage the database form the backend, as adeveloper for example, and thats all. The administrator of the (membership) site has nothing to do with that. Or for example in a personal site i set a root user for managing the db and a mysql user(admin) for editing content etc etc, right?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...