I'm getting ready to deploy a CakePHP site for the first time. I'm using the site with a MySQL database, and I'm still a little unclear about the proper use of users & permissions for MySQL -- I'm talking about the "login" and "password" fields that appear in app/config/database.php. During development, I've been using 'root' and 'root' -- but I'm pretty sure that can't be a good idea. So my question is: what are the best practices for assigning a MySQL user to a CakePHP app, and what MySQL privileges should be assigned to it?
1 Answer
The least amount of permissions possible, so INSERT, SELECT, UPDATE, and DELETE on the database in question, certainly not CREATE/DROP privileges. Best practice: make the password hard to guess. You're hardcoding it anyways, there's no reason not to make it a terrible monster of a password. Also, ensure it can only be accessed by localhost or your IP.
GRANT INSERT, SELECT, DELETE, UPDATE ON mydb.* TO 'myuser'@'localhost' IDENTIFIED BY 'monsterpassword';

Xorlev
Sounds like good advice. Are there any restrictions/conventions typically assigned to the user names? – Steve Apr 27 '10 at 05:23
Not really. I mean, make it something common sense. Personally I do mysite_site as the username, so I know it's the privileges associated with the site's access, versus an admin interface or something. – Xorlev Apr 27 '10 at 05:27
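
The grant from the answer above, in the two-statement form that MySQL 8.0 requires, followed by checks that the account holds nothing beyond it. This is an added example, not part of the original answer; `mydb`, `myuser` and the password are the answer's placeholders, and the verification queries assume they are run from an administrative account.

```sql
-- MySQL 8.0 no longer accepts GRANT ... IDENTIFIED BY,
-- so create the account first, then grant to it.
CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'monsterpassword';
GRANT SELECT, INSERT, UPDATE, DELETE ON mydb.* TO 'myuser'@'localhost';

-- 1. Show exactly what the account holds. Expect a USAGE line on *.*
--    plus the four data privileges on mydb.* and nothing else.
SHOW GRANTS FOR 'myuser'@'localhost';

-- 2. The same user name must not also exist for other hosts
--    (for example 'myuser'@'%'). Expect an empty result.
SELECT user, host
FROM mysql.user
WHERE user = 'myuser' AND host <> 'localhost';

-- 3. Global privileges: the only row should be USAGE (no privileges).
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE grantee = '''myuser''@''localhost''';

-- 4. Schema-level privileges outside the intended set, or on any
--    schema other than mydb. Expect an empty result.
SELECT grantee, table_schema, privilege_type, is_grantable
FROM information_schema.schema_privileges
WHERE grantee = '''myuser''@''localhost'''
  AND (table_schema <> 'mydb'
       OR privilege_type NOT IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE')
       OR is_grantable = 'YES');
```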