• 0

Should I create a unique MySQL user per logged in person?

Asked by Jose_49,

 Share

Question

Grand Master

Jose_49

Posted
Posted

Yo Neowin!

I want to know what do you suggest in terms of security, and speed, whether is recommended or not to create an individual user for each person that logs in to my site.

I mean. I usually verify a username on a table, and assign unique tables to each of my users with a General MySQL user account with limited privileges. But since I've been reading a little bit more about MySQL (I only know the basics), I've seen that to improve security I could assign certain limits on MySQL users and only allow access to certain tables.

So, what can you suggest me in terms of MySQL users?

Thanks :p

14 answers to this question

Recommended Posts

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

What do you mean unique mysql user per logged in user, what type of site is this?

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access Joh_products and John_clients table and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site, is on development right now, so everything can be modified. It's a receipt management website, which each of the users will have their own clients stats, number of purchases, receipts, etc.

  • 0
Grand Master

Mr.XXIV

Posted
Posted

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access Joh_products and John_clients table and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site, is on development right now, so everything can be modified. It's a receipt management website, which each of the users will have their own clients stats, number of purchases, receipts, etc.

I truly would not recommend that at all.

  • 0
Grand Master

n_K

Posted
Posted

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

  • 0
Grand Master

Sandor

Posted
Posted

You should only really need one master user for the mysql database itself. Then use web based forms (in PHP for example) to allow the people to add/delete/update their data. They don't need to have direct access to the database tables to do this. I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

Thanks to all of the above. Now I have a clear mind.

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

I shall take this recommendation then :)

I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

:/ There was no other way my logic could function.

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way on putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Anyways, I'm open to suggestions :D

  • 0
Community Regular

mollick2

Posted
Posted

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way on putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts; I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique id's for the rows in the other tables.

Not sure if I explained clear enough or not, also not sure if it's quite the same idea as your system. Either way its best to have different table's for different types of data, since there's no sense in storing the same data multiple times.

  • 0
Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

  • 0
Experienced

paxa

Posted
Posted

if i've read this right. you should create a function user. one user that can insert, update, or delete records, but not modify the database structure. use that user for any transaction, and the root as a last resort.

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts; I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique id's for the rows in the other tables.

Not sure if I explained clear enough or not, also not sure if it's quite the same idea as your system. Either way its best to have different table's for different types of data, since there's no sense in storing the same data multiple times.

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

Now I get it! Yup. Indeed. I know my logic was failing somewhere.

I just need to create a separate column with the current logged in user, and bang it with a WHERE clause to identify the user (*poker face*)

Aaaargh.

Going to work on it right now

Thank you people :D

This topic is now closed to further replies.
 Share
Go to question listing

  • Posts

    • Save 78% on Microsoft Office 2024 Professional Plus: Lifetime License

      By News Staff · Posted

      Save 78% on Microsoft Office 2024 Professional Plus: Lifetime License by Steven Parker Created with ChatGPT Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 78% on Microsoft Office 2024 Professional Plus: Lifetime License. The essentials to get it all done. Microsoft Office 2024 Home is the latest version of Microsoft’s renowned productivity suite, which includes essential applications like Word, Excel, PowerPoint, and OneNote. This version is specifically designed for individuals and families seeking reliable tools for various home tasks, including document creation, spreadsheet management, presentation design, and note-taking. Office 2024 Professional Plus is for students and families who want classic Office apps on their Mac or PC. A one-time purchase installed on 1 PC or Mac for use at home or school. Lifetime license One-time purchase installed on 1 Windows PC for use at home or work Instant Delivery & Download – access your software license keys and download links instantly Free customer service – only the best support! Microsoft Office 2024 Professional Plus includes: Microsoft Word Microsoft Excel Microsoft PowerPoint Microsoft Outlook Microsoft OneNote Microsoft Access Is it legit? Click here to verify Microsoft partnership No faffing about with subscriptions, just classic apps that don't expire. Good to Know ONE-TIME PURCHASE INSTALLED ON 1 DEVICE This licensing type will be connected with your Microsoft Account, NOT your actual device. This is a one-use code. The product you are purchasing is NOT MICROSOFT 365. Please read the product details. Redemption deadline: redeem your code within 30 days of purchase Access options: desktop Full versions No subscriptions – no monthly/annual fees Version: 2024 Updates included A Microsoft Office 2024 Professional Plus: Lifetime License normally costs $249.99, but this deal can be yours for just $54.97, that's a saving of $195. For full terms, specifications, and license info, click the link below. Microsoft Office 2024 Professional Plus for PC for $59.99 (was $249.99) Although priced in U.S. dollars, this deal is available for digital purchase worldwide. Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size

      By +Random Stranger · Posted

      Payday TWO!! Is 13 years old man I feel old - I remember trying it out and if I did not know I would say 5-6 years ago or something
    • Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size

      By LoneWolfSL · Posted

      Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size by Pulasthi Ariyasinghe Payday 2, the most popular entry in the heisting game franchise, is getting a surprising update after all these years. This is slated to be a complete engine upgrade that will enhance almost every aspect of the 13-year-old title, targeting performance, loading times, file size, rendering backend, and more. Developer Sidetrack Games is planning a beta to test out the new version ahead of the full public launch. The development team today revealed that the long-awaited upgrade to the 64-bit architecture is happening with this Diesel 3.0 engine update. By letting the game use more ram than 4GB, it is said to improve stability and compatibility on most hardware. It should also help modders in the long term with implementing larger changes too. "While many of the changes are made on the backend and not everything will be visible to you guys because it is a massive rewrite of the entire codebase, there will be a lot of things that you can look forward to," Sidetrack explained. Payday 2 will also hop over from DirectX 9 to 11. Instead of visual improvements, this is slated to reduce the amount of VRAM used by the title, letting more lower-end hardware access the title and run it better. Since these changes would require a complete redownload of the game anyway, Sidetrack says it has revamped "the game's packaging and bundling system." This should reduce the installation size from 86GB to 32GB. "So, now it's time to finally move the game to your SSDs," added the studio. The Payday 2 Diesel Engine 3.0 update is entering open beta on June 30 for Steam users. No console release plans were announced today. Sidetrack Games says it has been working on this complete rewrite of the codebase for the last nine months. While these changes should break most mods, the studio encouraged modders to use the beta period to repair their creations with support from the development team.
    • Politically funny images of the World

      By +Edouard · Posted

    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well
    • First Post
      Kolakid60 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      440
    2. 2
      +Edouard
      197
    3. 3
      PsYcHoKiLLa
      156
    4. 4
      FloatingFatMan
      71
    5. 5
      Steven P.
      68
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!