Creating MySQL user with security

-2

For security reasons, what privileges should a database user have or should not have?

    
asked by anonymous 07.04.2018 / 00:42

2 answers

1

Depends on the role of the user in accessing the database. For example, a data-only user should not have access to "INSERT" or "DELETE" even though business logic is prepared not to do these tasks, if the user is used improperly for some reason, permissions than desired.

    
07.04.2018 / 01:02
-2

This will depend on what tasks the user will need to run in the database. For example, an application user will need the basic privileges (select, insert, update and delete) but in some applications you may need to create temporary tables or even a view.

The best thing to do is to provide the minimum necessary permissions (the "data" block) and, depending on the case, to guarantee others.

Note, you can have more than one user accessing the same database, sometimes it can be interesting to create someone for the application itself, others for administrative routines, backup, etc.

    
07.04.2018 / 00:48