mySQL security (was in db development forum)
Sorry for the cross-post, but there wasn't much response at the db development forum (there don't seem to be many people over there). Here's the issues:
1. I've been fooling with mysql's user privilege system today, and I was wondering if there is a way to change the default user that mysql uses when someone just runs mysql, i.e.:
when I run mysql this way, there is no prompt for a password, it just dumps me straight to the mysql> prompt. The thing is that it seems to be using the root account, since I can do just about anything, including edit the mysql.user table. Any way to change this so that it prompts for a user name and password, or am I just being paranoid?
2. I have a user "webuser" that is used for web connections. I have explicitly revoked drop and create privileges from webuser (among others):
revoke drop on *.* from webuser;
revoke create on *.* from webuser;
and yet I can create and drop databases at will when I log in as webuser. Why don't the privileges apply?