-3

I am making a network based Android application. I have created a server on my web hosting. I have used PHP and MySQL to handle database operations, now I want to assign a user to this database and grant him/her privileges so as to manipulate data.

However I am not sure which privileges I should grant to the user and which not, I have attached a screen shot to the page asking me to grant privileges, I want to know what will be secure and what can cause me potential harm.

enter image description here

halfer
  • 19,824
  • 17
  • 99
  • 186
Skynet
  • 7,820
  • 5
  • 44
  • 80
  • Why would you ever give a user direct access to manipulate the database? The database layer should handle the request and act accordingly. I can't see this practice being beneficial in the least. – Ohgodwhy Mar 20 '13 at 08:32
  • The whole purpose of granting a single user access to database, is for connection purpose and to run the queries. This database access is not for the users who use my application but it is kind of a bridge between the users and the database. – Skynet Mar 20 '13 at 08:34

1 Answers1

2

You only need CRUD (Create, Read, Update, Delete) privileges.

So DELETE, INSERT, UPDATE, SELECT and EXECUTE(if you have some stored procedures to call) should suffice!

JoDev
  • 6,633
  • 1
  • 22
  • 37