MYSQL Privileges

Post here if you need help with SQL.
Post Reply
jonathon
Posts: 50
Joined: Fri May 06, 2011 5:09 pm

MYSQL Privileges

Post by jonathon »

Hello,

I'm working at providing more secure applications. Not that I think mine are particularly insecure (heres hoping not to now getting hacked). So i'm wondering, for a site in which people can only read what I write on it, is there any real need to have any other privileges other than 'Select' (in order to allow the pages to recall the said info from the DB)?

I'm not massively hot on this area of MYSQL :(
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: MYSQL Privileges

Post by jacek »

If you don't need to do anything other than a SELECT query, then only allowing SELECT should be fine. Saying that, if your sire is secure people should not be able to inject a different query type anyway, also one of the most useful attacks is getting all of the data from the database, which is still possible. So you may as well just use the standard permissions of SELECT INSERT UPDATE and DELETE.
Image
jonathon
Posts: 50
Joined: Fri May 06, 2011 5:09 pm

Re: MYSQL Privileges

Post by jonathon »

hmmm, thanks for that, I always feel hazy around this topic. But after I posted it, I was thinking about the pros and cons of it all. In this instance SELECT would be fine, I haven't got any plans to expand on user generated content at the moment. Which I suppose is something in terms of someone damaging what's already there. But yes as you say, getting all of the data isn't much better. But I feel clearer in my mind now so thanks

;)
Post Reply