• 0

Should I create a unique MySQL user per logged in person?

Asked by Jose_49,

 Share

Question

Grand Master

Jose_49

Posted
Posted

Yo Neowin!

I want to know what do you suggest in terms of security, and speed, whether is recommended or not to create an individual user for each person that logs in to my site.

I mean. I usually verify a username on a table, and assign unique tables to each of my users with a General MySQL user account with limited privileges. But since I've been reading a little bit more about MySQL (I only know the basics), I've seen that to improve security I could assign certain limits on MySQL users and only allow access to certain tables.

So, what can you suggest me in terms of MySQL users?

Thanks :p

14 answers to this question

Recommended Posts

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

What do you mean unique mysql user per logged in user, what type of site is this?

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access Joh_products and John_clients table and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site, is on development right now, so everything can be modified. It's a receipt management website, which each of the users will have their own clients stats, number of purchases, receipts, etc.

  • 0
Grand Master

Mr.XXIV

Posted
Posted

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access Joh_products and John_clients table and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site, is on development right now, so everything can be modified. It's a receipt management website, which each of the users will have their own clients stats, number of purchases, receipts, etc.

I truly would not recommend that at all.

  • 0
Grand Master

n_K

Posted
Posted

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

  • 0
Grand Master

Sandor

Posted
Posted

You should only really need one master user for the mysql database itself. Then use web based forms (in PHP for example) to allow the people to add/delete/update their data. They don't need to have direct access to the database tables to do this. I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

Thanks to all of the above. Now I have a clear mind.

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

I shall take this recommendation then :)

I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

:/ There was no other way my logic could function.

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way on putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Anyways, I'm open to suggestions :D

  • 0
Community Regular

mollick2

Posted
Posted

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way on putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts; I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique id's for the rows in the other tables.

Not sure if I explained clear enough or not, also not sure if it's quite the same idea as your system. Either way its best to have different table's for different types of data, since there's no sense in storing the same data multiple times.

  • 0
Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

  • 0
Experienced

paxa

Posted
Posted

if i've read this right. you should create a function user. one user that can insert, update, or delete records, but not modify the database structure. use that user for any transaction, and the root as a last resort.

  • 0
Grand Master

Jose_49

Posted
  • Author
Posted

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts; I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique id's for the rows in the other tables.

Not sure if I explained clear enough or not, also not sure if it's quite the same idea as your system. Either way its best to have different table's for different types of data, since there's no sense in storing the same data multiple times.

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

Now I get it! Yup. Indeed. I know my logic was failing somewhere.

I just need to create a separate column with the current logged in user, and bang it with a WHERE clause to identify the user (*poker face*)

Aaaargh.

Going to work on it right now

Thank you people :D

This topic is now closed to further replies.
 Share
Go to question listing

  • Posts

    • Windows 11 is getting redesigned taskbar settings in new build

      By nekrosoft13 · Posted

      finally [Taskbar] Taskbar customization just got easier. As we continue to make improvements to the Taskbar experience mentioned last month, we've introduced a dedicated Taskbar Size setting, making it simpler to find, understand, and personalize your ideal taskbar experience.
    • Notion is shutting down its email client one year after launch

      By Chugworth · Posted

      Let me get this straight... It was a web interface for Gmail, so if privacy at Google wasn't concerning enough you'd be going through two companies. And their big feature was the very thing that would make people consider dumping Gmail.
    • The official Funny Pictures thread

      By Steven P. · Posted

    • Microsoft's fast coding model MAI-Code-1-Flash comes to Copilot Business and Enterprise

      By Karthik Mudaliar · Posted

      Microsoft's fast coding model MAI-Code-1-Flash comes to Copilot Business and Enterprise by Karthik Mudaliar Microsoft’s recently announced MAI-Code-1-Flash model is now generally available to GitHub Copilot Business and Copilot Enterprise customers. With this support, organizations can have more centralized policy controls and billing while finally being able to use Microsoft’s lightweight, first-party coding model. According to GitHub’s announcement, Business and Enterprise plan administrators must enable the MAI-Code-1-Flash policy in Copilot settings before developers can access the model. Microsoft says that MAI-Code-1-Flash is for fast, iterative coding work rather than the most demanding architectural or debugging tasks. GitHub’s official model comparison page says that the model is great for "general-purpose coding and writing," while it excels at fast, accurate code completions and explanations Microsoft introduced MAI-Code-1-Flash on June 2 as part of a broader collection of internally developed MAI models. GitHub subsequently expanded support to Copilot CLI, the Copilot cloud agent, GitHub.com chat, GitHub Mobile, Visual Studio, JetBrains IDEs, Eclipse, and Xcode, but said support for managed Business and Enterprise customers was still on the way. In Microsoft’s own benchmark testing, MAI-Code-1-Flash scored 51.2% on SWE-Bench Pro, compared with 35.2% for Anthropic’s Claude Haiku 4.5. Microsoft also claimed that the model used up to 60% fewer tokens on SWE-Bench Verified. Do note that these are vendor-run results rather than independent measurements. The model is billed at provider list pricing under GitHub’s usage-based system. GitHub currently lists MAI-Code-1-Flash at $0.75 per million input tokens, $0.075 per million cached input tokens, and $4.50 per million output tokens. For organizations, the main incentive to use MAI-Code-1-Flash is likely to be efficiency rather than maximum capability. A smaller model that responds quickly and limits unnecessary output is quite useful for repetitive agent tasks at scale, especially after GitHub Copilot’s move toward usage-based billing. The "Flash" model is recommended for fast work and not necessarily for huge repositories with loads of context. It's better if teams compare their output with other larger models, especially if they're working on security-sensitive changes and complex, multi-file work.
    • I restored the default settings to Secure Boot. Big mistake

      By erpster3 · Posted

      yes AND no the "original" or plain/normal Optiplex 7010 won't be getting any more new firmware updates BUT the Optiplex SFF/SFF Plus {small form factor}, Micro/Micro Plus & Tower/Tower Plus 7010 editions DO get new updates such as this new one   and here are similar guides from the Dell web site for Dell systems: https://www.dell.com/support/kbdoc/en-us/000390990/secure-boot-transition-faq https://www.dell.com/support/kbdoc/en-us/000347876/microsoft-2011-secure-boot-certificate-expiration

  • Recent Achievements

    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      462
    2. 2
      +Edouard
      213
    3. 3
      PsYcHoKiLLa
      157
    4. 4
      Steven P.
      72
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!