Running as root is considered bad practice in Linux as it means if anyone ever hacks the Linux server they have full unabashed rights to do all sorts of dangerous stuff; also, full root does not challenge when permissions or rights are changed. In Linux (which is most likely the type of O.S. running on your free host) a user normally uses 'sudo' to perform admin functions - in other words they temporarily take admin capabilities for the specific task being performed, but if someone hacks their user then it is typically not as dangerous as root.
The Linux operating system has users and rights which are not related to MySQL users and permissions. For example, a root Linux user can have no or very limited access to a MySQL database running within its own system.
To your questions:
You may or may not be using a, let's call it, 'admin' account on your free host; it depends what database permissions are given to this user:
```
SELECT CURRENT_USER()
b2_12345@%
------------------------
SELECT USER()
b2_12345@192.168.0.2
```
This user could be granted full admin rights, in which case it would be a bad idea to use this database user in your connection information.
A MySQL user can be granted user permissions, database permissions, and host permissions. A user that has:
- User Permissions:
- Access from 'Any' Hosts (any location remote or local)
- Permission: Select table data, Insert table data, Update table data, Delete table data, Create tables, Drop tables, Reload grants, Shutdown database, Manage Processes, File operations, Grant privileges, Reference operations, Manage indexes, Alter tables, Show databases, Superuser, Create temp tables, Lock tables, Execute, Slave replications, Client replication, Create View, Show View, Create Routine, Alter Routine, and Create User
- Database Permissions: Can access 'Any' database from 'Any' hosts with 'All' permissions
- Hosts: Can Access 'Any' databases from specific hosts (say 172.16.0.172 or myfavouritedeveloper.com) with 'All' permissions
A user with all these permissions would have 'Super User' abilities. This is why I said that your 'b2_12345' user may be set with some or all of these permissions. You will likely have some control of some of these permissions in your cPanel, although hosts differ in what control they give to you.
Knowledgeable hackers can do a number of security driven 'vector' attacks on your PHP application that can expose your database connection info. If your user has full rights then they can wreak all sorts of havoc with your database; they could hack your database, or maybe run another MySQL spam database from your account.
There is no 'generic' user in MySQL. The rest of this is answered in Q2.
Understand what rights a user needs with your applications and run a user with just the permissions required to run your application. For example, if your application only requires the ability to Select, Insert, and Update then you create a database user with only these rights and use it in your connection string. The other important part of your security is understanding how your host secures MySQL; you might want to ask them what security measures they use. You could research what they told you to ensure they are following best practices and appropriate security measures.
Hope this helps.
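As an added example (not part of the original post), this is how the checks and the least-privilege account described above look in MySQL. The database name `appdb`, the account `app_rw`, the host `app-host.example` and the password are placeholders, and steps 2 and 3 assume you can run statements as an administrative account, which many shared hosts only allow through their control panel.

```sql
-- 1. What can the account your application connects with actually do?
--    Run this over the same connection your PHP code uses.
SHOW GRANTS FOR CURRENT_USER();

-- 2. Audit: which accounts hold server-wide privileges from the
--    "User Permissions" list, or may pass their privileges on to others?
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type IN ('SUPER', 'FILE', 'SHUTDOWN', 'RELOAD',
                         'PROCESS', 'CREATE USER')
   OR is_grantable = 'YES'
ORDER BY grantee, privilege_type;

-- 3. Audit: which accounts may connect from any host ('%'), like b2_12345@% above?
SELECT grantee, COUNT(*) AS global_privileges
FROM information_schema.user_privileges
WHERE grantee LIKE '%@''\%'''
GROUP BY grantee;

-- 4. Create an application account limited to one database, one client host
--    and the three operations the application needs (placeholder names).
CREATE USER 'app_rw'@'app-host.example' IDENTIFIED BY 'replace-with-a-long-random-password';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_rw'@'app-host.example';

-- 5. Confirm the result: only USAGE on *.* and the three privileges on appdb.
SHOW GRANTS FOR 'app_rw'@'app-host.example';

-- 6. If a privilege turns out to be unnecessary later, take it away again.
REVOKE UPDATE ON appdb.* FROM 'app_rw'@'app-host.example';
```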