Can I create additional MySQL usernames with different permissions?
We're occasionally asked if it's possible to create additional MySQL usernames that have different permissions for the same database (such as a username that has only SELECT
permission).
We don't currently support this option; our MySQL user management system is handled by a separate process that assigns one username per database. And for security reasons, you won't be able to create an extra username yourself (if you could create a new username with permission to read your database, other users could do the same thing to look at your databases).
Then how do I protect my MySQL username and password?
The usual reason we're asked this question is because people plan to put their MySQL username and password into a script in their Web directory, and they're worried that a stranger might somehow be able to read the source code to view the database username and password. That's a valid concern, but a better solution is to move the username and password into a separate file in your home directory, where it can never be viewed by others, even if some sort of problem happens that allows strangers to view the source code to your script.
To do this using PHP, you would create a file named (for example) "mysql.include" in your home directory. The file would just set the variables, something like this:
<?php $mysql_username = 'username'; $mysql_password = 'password'; ?>
Then you would "include" (or even better, "require") that file in your main script, like this:
require '/home/ex/example.com/mysql.include';
That will ensure that even if someone views the source code of your main script, they won't be able to find out the database password.
Copyright © 2000-2024 Tiger Technologies LLC