
Should I create a unique MySQL user per logged in person?


Question

Yo Neowin!

I want to know what you suggest, in terms of security and speed: whether it is recommended or not to create an individual user for each person that logs in to my site.

I mean. I usually verify a username on a table, and assign unique tables to each of my users with a General MySQL user account with limited privileges. But since I've been reading a little bit more about MySQL (I only know the basics), I've seen that to improve security I could assign certain limits on MySQL users and only allow access to certain tables.

So, what can you suggest to me in terms of MySQL users?

Thanks :p

14 answers to this question


  • 0
  On 04/01/2013 at 14:01, SuperKid said:

What do you mean unique mysql user per logged in user, what type of site is this?

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access the John_products and John_clients tables and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site is in development right now, so everything can be modified. It's a receipt management website, in which each of the users will have their own client stats, number of purchases, receipts, etc.

  • 0
  On 04/01/2013 at 14:06, Jose_49 said:

I mean, to create a MySQL user. The default user on a MySQL server is root. I would like to know if it would improve security having a separate user like "John" which would only access the John_products and John_clients tables and will have limited privileges like SELECT, DROP, UPDATE, INSERT commands.

This site is in development right now, so everything can be modified. It's a receipt management website, in which each of the users will have their own client stats, number of purchases, receipts, etc.

I truly would not recommend that at all.

  • 0

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

  • 0

You should only really need one master user for the mysql database itself. Then use web based forms (in PHP for example) to allow the people to add/delete/update their data. They don't need to have direct access to the database tables to do this. I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

  • 0

Thanks to all of the above. Now I have a clear mind.

  On 04/01/2013 at 14:15, n_K said:

NEVER use the root account AT ALL once you've configured the MySQL server, make another account and grant it root-like permissions and ONLY use the root account as a last resort if something breaks to restore everything.

Yes use different accounts for different sites, one account for all clients on one site should be fine i.e. one account for this receipt tracking site, another account for a control panel site, etc.

I shall take this recommendation then :)

  On 04/01/2013 at 14:28, technikal said:

I don't really see the point of having totally distinct tables for each user either. Seems like a lot of duplication and you'll end up with a massive amount of tables.

:/ There was no other way my logic could function.

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way of putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Anyways, I'm open to suggestions :D

  • 0
  On 04/01/2013 at 15:48, Jose_49 said:

I Googled a bit and found that there wasn't any problem having multiple tables. The thing is that it allows flexibility. I didn't see a good way of putting the client info, the receipt #, the quantity, price of the product purchased (because it has a variable price), the current product id, the tax, and whether it was paid, delivered or not. So I could fetch it in a productive way later on....

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and more organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts, I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique IDs for the rows in the other tables.

Not sure if I explained clearly enough or not, also not sure if it's quite the same idea as your system. Either way it's best to have different tables for different types of data, since there's no sense in storing the same data multiple times.

  • 0

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

  • 0

If I've read this right, you should create a function user: one user that can insert, update, or delete records, but not modify the database structure. Use that user for any transaction, and the root as a last resort.

  • 0
  On 05/01/2013 at 06:34, mollick2 said:

Multiple tables are fine, in fact you should be using multiple tables, but there's a much better and more organized way of using them. You should be using different tables for storing types of data. If I have Users, Customers, and Receipts, I would create a separate table for each one of them. Then I would create two additional tables used for associations, one for Users->Receipts, and one for Customers->Receipts. These associative tables would only store the unique IDs for the rows in the other tables.

Not sure if I explained clearly enough or not, also not sure if it's quite the same idea as your system. Either way it's best to have different tables for different types of data, since there's no sense in storing the same data multiple times.

  On 05/01/2013 at 06:44, The_Decryptor said:

Certainly use multiple tables, but not for each user. Say you have 10 users and each user has a separate table, if you want to see all the data from all the users you have to search through 10 tables, vs. just the main table for the type of data you want.

So instead of userA_orders, userB_orders, etc. you just have a single orders table, and store what user created the order in the record you insert into the table.

Now I get it! Yup. Indeed. I know my logic was failing somewhere.

I just need to create a separate column with the current logged in user, and bang it with a WHERE clause to identify the user (*poker face*)

Aaaargh.

Going to work on it right now

Thank you people :D

This topic is now closed to further replies.
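
The layout the thread converges on, as an added example that is not part of any post: one shared receipts table with an owner column, a single limited-privilege MySQL account for the whole site, and a parameterized query scoped to the logged-in user. The database, table, column and account names, the password and the sample user id are assumptions made for illustration.

```sql
-- Added example (MySQL). All names below are constructed, not from the thread.
CREATE DATABASE receipts_db;
USE receipts_db;

CREATE TABLE users (
    id            INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL
);

CREATE TABLE customers (
    id      INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    user_id INT UNSIGNED NOT NULL,          -- site user who owns this customer
    name    VARCHAR(128) NOT NULL,
    FOREIGN KEY (user_id) REFERENCES users(id)
);

-- One receipts table for everyone, instead of John_receipts, Jane_receipts, ...
CREATE TABLE receipts (
    id          INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    user_id     INT UNSIGNED NOT NULL,      -- site user who owns this row
    customer_id INT UNSIGNED NOT NULL,
    product_id  INT UNSIGNED NOT NULL,
    quantity    INT UNSIGNED NOT NULL,
    unit_price  DECIMAL(10,2) NOT NULL,     -- price at time of sale (variable price)
    tax         DECIMAL(10,2) NOT NULL,
    paid        BOOLEAN NOT NULL DEFAULT FALSE,
    delivered   BOOLEAN NOT NULL DEFAULT FALSE,
    FOREIGN KEY (user_id)     REFERENCES users(id),
    FOREIGN KEY (customer_id) REFERENCES customers(id)
);

-- One MySQL account for this site, used by the web application only.
-- It can read and change rows but cannot alter structure or grant privileges.
CREATE USER 'receipts_app'@'localhost' IDENTIFIED BY 'placeholder-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON receipts_db.* TO 'receipts_app'@'localhost';

-- Every query is scoped to the logged-in site user. The id is bound as a
-- parameter taken from the server-side session, never from request input.
PREPARE unpaid_receipts FROM
    'SELECT id, customer_id, quantity, unit_price, tax
       FROM receipts
      WHERE user_id = ? AND paid = FALSE';
SET @session_user_id = 1;                   -- constructed sample value
EXECUTE unpaid_receipts USING @session_user_id;
DEALLOCATE PREPARE unpaid_receipts;
```

Because all site users share the one database account, isolation between them depends on the `user_id` predicate being present in every statement the application issues, including UPDATE and DELETE.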