MySQL username/password security

**mrwooster** · Jan 16, 2006 02:37

Dear all,

When you set up permissions for a MySQL database, you can specify from which hosts the user is valid. For example, you can set up a user/pass which is only valid when it is used on the localhost.

Surly, this means that even if someone managed to steal your user/pass for your database, unless they had access to your server, they would not be able to do anything with it as the user/pass can only connect to the database from the localhost.

Thanks

Guy

**longneck** · Jan 16, 2006 10:33

yes

**mrwooster** · Jan 16, 2006 10:45

Originally Posted by longneck

yes

Errr... please could you elaborate

thanks

Guy

**longneck** · Jan 16, 2006 11:05

not really. you hit the nail on the head. if you set it up so that a mysql user can only log in from localhost, then your server would have to be compromised more than just exposing that mysql username and password for someone to exploit that account.

**mrwooster** · Jan 16, 2006 11:17

Originally Posted by longneck

not really. you hit the nail on the head. if you set it up so that a mysql user can only log in from localhost, then your server would have to be compromised more than just exposing that mysql username and password for someone to exploit that account.

So why do people keep on telling me that I need to keep my MySQL user/password stored in a file outside the web root? I guess they have not set up the user correctly.

Thanks for the reply

Regards

Guy

User Tag List

Thread: MySQL username/password security

Thread Tools

Display

MySQL username/password security

Bookmarks

Bookmarks

Posting Permissions