Sorensen84 wrote:I can see there is a lot of ways to create a user an a database.
Sorensen84 wrote:But what is the best way to do it?
Sorensen84 wrote:I have plans on doing a lot of different websites, and I would like to have a different user to each database with a password. Is that a good way to do it?
Sorensen84 wrote:So I go into Xampp and will create a new user.
Sorensen84 wrote:1. Shall I first create the user or the database and then create a new database?
Sorensen84 wrote:2. [...] But If you create the user first, shall I then choose this option "Grant all privileges on wildcard name (username\_%)"
Sorensen84 wrote:But what is the best way to do it? Create the database or the user first?
Sorensen84 wrote:3. You can also go into your database and see the users that can use the database and under "edit privileges" there is a category named "Database-specific privileges" where there is this option "Add privileges on the following database" where you can choose a database. What does that do?
Sorensen84 wrote:4. When i choose one of my databases and choose the option "privileges" then I can see, that all my users have access to the database. I just want to have one specific user to each database. I don't want all my users to have access to all of my databases. How do I that?
Sorensen84 wrote:1. When I go into my databases and choose privileges, all my users have access to all my databases. Is that because they're global?
Sorensen84 wrote:How do I change that? I just want one user to each database.
Sorensen84 wrote:2. You are saying I should not grant all privileges to my user. But I would still like to have full control over everything. What did you do?
Sorensen84 wrote:3. Is this a good way to do it:
I first make the database, then go into the database I have created and choose privileges and add a new user. Here I can make a password for the new user, and there is and option called "Database for user" Shall I then choose "Grant all privileges on database"? Do I then have full control over the database without it being global?
Sorensen84 wrote:Under that there is another option called "Global privileges (Check All / Uncheck All) " What shall I choose there?
Sorensen84 wrote:I don't want all of my users to have access to this database, only the user i create for the database. That means it should not be global, right?
Sorensen84 wrote:Because if it is global, that user will have access to all the further databases I am making, is that right?
Sorensen84 wrote:4. What does that global privileges actually means? What do it do?
Sorensen84 wrote:5. Will you write down exactly what you do, when you create a database and user. And what options you make, and what privileges you take. And explain why you do it.
Sorensen84 wrote:So the only user I should have with global privileges, is the root user.
Sorensen84 wrote:I can see that the root user also have access to all my databases. Should I delete that user our just let it be.
Sorensen84 wrote:Do you also have a root user, who has access to all your databases?
Sorensen84 wrote:The root user was already created when I installed Xampp, so shall I just let it be, our can you change the root users permissions as well?
Sorensen84 wrote:Is it a good idea to have the root user, who has access to all databases if something should happen?
Sorensen84 wrote:Like i said before, I just want one user to each database, but the root user has access to all of them.
Sorensen84 wrote:Any % -- USAGE No Edit Privileges Export
Any localhost No USAGE No Edit Privileges Export
Sorensen84 wrote:pma localhost No USAGE No Edit Privileges Export
Sorensen84 wrote:root 127.0.0.1 No ALL PRIVILEGES Yes Edit Privileges Export
root localhost Yes ALL PRIVILEGES Yes Edit Privileges Export
Can I delete them, so I only have the root user. Our are they important?
I also have two root users like you can see. One that is named "localhost" and one that is named "127.0.01" Can I delete one of them.
Our should I just let all these users be there, since they are automatically created, when I install Xampp.
Sorensen84 wrote:Under that there is an option called "Database for user" there is an option called "Grant all privileges on database "testsite" ( I have called my database for testsite) Should i choose that option?
Sorensen84 wrote:Under that there is the global privileges. Where there are "Data" "Structure" and "Administration" I should just leave all them unchecked, because I don't want global privileges, is that correct?
Sorensen84 wrote:After that my user to my new database called "testsite" look like this:
Action: Edit Privileges
Do that above look correct?
Sorensen84 wrote:Do my user only have access to the database "testsite" now.
Sorensen84 wrote:Do the users you create to your database looks like mine, and have the same features?
Sorensen84 wrote:And I have no grant. If "Grant" is set to "Yes" did that mean, that the user has Global Privileges?
Sorensen84 wrote:Is it bad to have all privileges in the database? Can it hurt anything?
Is it bad to have all privileges in the database? Can it hurt anything?
Altrea wrote:Hi Sorensen84,
Sorry i have nothing more to say, because i think everything is said.
You have all possibilities to check the user priviledges with phpmyadmin (you can check the user priviledges without clicked a database and if you click a database the user has priviledges too). From the phpmyadmin home site a user with just database specific priviledges will always be displayed as usage, independent which or how many specific priviledges he has. Thats differnet if you have clicked a database (here means all priviledges exept grant = all priviledges)Sorensen84 wrote:Is it bad to have all privileges in the database? Can it hurt anything?
I have explained that in my last post. Yes, it can hurt (keyword SQL-Injection)