top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

MYSQL: When to create a new user?

+1 vote
494 views

I am writing a web application in perl that will create, edit, update and delete data from a MySQL database. I have written a perl module that will manage the connections (issue database handles ). As new users sign up for the application should each get their own MySQL username and password or is okay to execute their queries with the same (one generic) MySQL username and password?

posted Aug 19, 2015 by Deepti Singh

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

2 Answers

0 votes

one generic for the application

Since you normally never ever should connect as root to your application it even don't have the permissions to add mysql-users.

How would you even imagine working with a usertable on your applications side which is for every user different - chicken/egg

answer Aug 19, 2015 by Deepak Dasgupta
0 votes

One generic, non-admin user is what you'll find in most apps.

Some developers take the approach of creating several users based on level of operation and least privilege, particularly for public facing scripts.

So, for example, if the operation is to delete data, that might be one user. Perhaps there is some very sensitive data in the environment and you'll create a given user for accessing that data and no other user has access to that data.

Each user is given no greater access than is required based on the intent of that user.

Then the given script connects with the appropriate user here.

Of course, you should program against and have defenses for db-related vulnerabilities like SQL-injection, but the thinking with the multiple users is if you had a script that was vulnerable to some exploit, the damage would be limited to the privileges of the mysql user used to connect to your database. It's a bit harder to manage and requires some more planning up front, but it adds to damage control in case of a db related exploit. You'd make this call based on how sensitive and important your data is and how much effort you are willing to put into the planning and design.

answer Aug 19, 2015 by Vijay Shukla
Similar Questions
0 votes

We currently have a problem with a master slave setup running mysql 5.0.

This is one of our legacy servers which are in the planning to be upgraded, however in order for this to be done the replication needs to be up and running.

The problem we have currently however is that the binary logs on the master was moved to a seperate partition due to disc space restrictions.

A new binlog file called mysql-bin.1 was created and everything seemed to work fine.

However, the moment the file reached the file size of 100Mb, it does not go on to create a new binlog file called mysql-bin.2 and the replication fails stating that it is unable to read the binary log file.

Thus far we have done a flush logs and reset master , but the same problem occurs, where it creates mysql-bin.1 and the moment it reaches it's max size and suppose to create a new file, it stops and
does not create the new one.

I really hope this makes sense, and that someone can perhaps point us in the correct direction.

...