I want to ask maybe a stupid question, but still: if I have php server that communicates with MySQL and it is protected against injection attacks, is it still important that I set privileges for each and every user separately? Or all that matters is that I have already set basic privileges for all users? e. g. no "DROP ALL DATABASES" stuff. Thanks for the answer! I really appreciate it!
Asked
Active
Viewed 75 times
0
-
6every user should have no more privileges than they absolutely need – Mar 08 '16 at 19:54
-
1As @Dagon says, you should follow the principle of least privilege. https://en.wikipedia.org/wiki/Principle_of_least_privilege – Chris Mar 08 '16 at 20:08
-
most setups would only have one user anyway – Mar 08 '16 at 20:10
-
Did I answer your question? – Mar 09 '16 at 17:40
-
Thank you all, sorry for not responding, you were right - I will pick one right answer, but all of you had a point – Jan Jindra Jindráček Mar 15 '16 at 20:18
1 Answers
0
You can't steal something that doesn't exist
Don't give hackers the ability to manipulate anything (db information, code, privileges, etc.)
You can never be too safe
Community
- 1
- 1