I'm getting ready to deploy a CakePHP site for the first time. I'm using the site with a MySQL database, and I'm still a little unclear about the proper use of users & permissions for MySQL -- I'm talking about the "login" and "password" fields that appear in app/config/database.php. During development, I've been using 'root' and 'root' -- but I'm pretty sure that can't be a good idea. So my question is: what are the best practices for assigning a MySQL user to a CakePHP app, and what MySQL privileges should be assigned to it?

+2  A: 

The least amount of permissions possible, so INSERT, SELECT, UPDATE, and DELETE on the database in question, certainly not CREATE/DROP privileges. Best practice: make the password hard to guess. You're hardcoding it anyways, there's no reason not to make it a terrible monster of a password. Also, ensure it can only be accessed by localhost or your IP.

GRANT INSERT, SELECT, DELETE, UPDATE ON mydb.* TO 'myuser'@'localhost' IDENTIFIED BY 'monsterpassword';
Xorlev
Sounds like good advice. Are there any restrictions/conventions typically assigned to the user names?
Steve
Not really. I mean, make it something common sense. Personally I do mysite_site as the username, so I know it's the privileges associated with the site's access, versus an admin interface or something.
Xorlev
Great. Many thanks!
Steve
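
Added example, not part of the original thread: the account setup the answer describes, written for MySQL 8.0 and later, where the password is set with CREATE USER rather than inside GRANT, followed by checks that the account holds nothing beyond the four privileges. The names mydb and mysite_site follow the thread; the password is a placeholder to replace.

```sql
-- Run as an administrative account, not as the application user.

-- 1. Dedicated account for the CakePHP app, reachable only from localhost.
--    The password below is a placeholder: substitute a long random value.
CREATE USER 'mysite_site'@'localhost'
  IDENTIFIED BY 'REPLACE-WITH-LONG-RANDOM-PASSWORD';

-- 2. Only the four data privileges, only on the application's schema.
--    No CREATE/DROP/ALTER, no GRANT OPTION, nothing on *.*
GRANT SELECT, INSERT, UPDATE, DELETE
  ON mydb.* TO 'mysite_site'@'localhost';

-- 3. Human-readable check. Expect a USAGE line on *.* (which means
--    "no global privileges") plus the single GRANT on mydb.*
SHOW GRANTS FOR 'mysite_site'@'localhost';

-- 4. Global privileges held by the account. Should return no rows.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''mysite_site''@''localhost'''
   AND PRIVILEGE_TYPE <> 'USAGE';

-- 5. Schema-level privileges outside the allowed four, or on any
--    schema other than mydb. Should return no rows.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''mysite_site''@''localhost'''
   AND (TABLE_SCHEMA <> 'mydb'
        OR PRIVILEGE_TYPE NOT IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE'));

-- 6. Same user name registered for other hosts (for example '%').
--    Should return only the localhost row.
SELECT DISTINCT GRANTEE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE LIKE '''mysite_site''@%';
```

The user name and password created in step 1 are the values that go into the "login" and "password" fields of app/config/database.php in place of 'root' and 'root'.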