PhpMyAdmin; Should I disable root login?

Question

I have this setup in Phpmyadmin:

    USER              HOST         PASSW           PRIVILEGES         GRANT

debian-sys-maint    localhost      Yes          ALL PRIVILEGES         YES
phpmyadmin          localhost      Yes          USAGE                  NO
root                127.0.0.1      Yes          ALL PRIVILEGES         YES
root                localhost      Yes          ALL PRIVILEGES         YES
root                my_hostname    Yes          ALL PRIVILEGES         YES
username            localhost      Yes          ALL PRIVILEGES         YES

Where "username" is my username and "my_hostname" is my hostname.

I am currently only logging in as the last one (username, localhost). Also, I have php which also uses the last ones login details.

Should I disable the other ones?

And, what other security measures should I take?

BTW: My server is Linux and I have root access.

Thanks

Answer 1

If you're not using one, delete it (Don't delete the three root logins, they will allow you to get super user access to fix something if something goes wrong)...

However, I'd suggest "limited permission" users. Grant each user access only to the data it needs to modify. That way you limit the damage an attacker can do. Using one login for everything is just as bad as using root in production...

Answer 2

As a general rule it is always advisable to use accounts with as little privileges as possible. There are two mainreasons:

• You prevent mistakes from making too bad mistakes. All mistakes can't be prevented, though
• Attackers can't cause as much trouble. Assume some attacker hijacks your account.