Hi there,

I'm developing a blog style website that will allow users to create accounts and I have some concerns about the site's security. I'm somewhat of a MySQL novice and I'm struggling to find the info I need anywhere else, so if anyone can give me a few tips it would be much appreciated.

1. Should I store the table that contains usernames/passwords in the same database as the rest of the site's data? (i.e. news stories, blogs etc.)

2. Is it possible to limit a MySQL user's access to a couple of tables? For example, the hypothetical page 'edit_profile.php' might allow a user to change their email address - would it be possible to connect to the database using a login/password that is only allowed to edit the hypothetical table 'users'?

3. How would you restrict a user from editing anything but "their" row in the hypothetical table 'users'? Would I just have to be vigilant with my PHP code in regard to the queries I write?

Thanks in advance!