-2
For security reasons, what privileges a database user should or should not have?
2 answers
1
It depends on the user’s role in accessing the database. For example, a data query-only user should not have access to "INSERT" or "DELETE" although business logic is prepared not to do these tasks, if the user, for some reason, is misused, will be able to have more permissions than desired.
-2
This will depend on what tasks the user will need to perform in the database. For example, the user of an application will need the basic privileges (select, Insert, update and delete) but in some applications you may need to create temporary tables or even a view.
The best thing to do is to provide the minimum necessary permissions (the "data" block) and, depending on the case, ensure others.
Note, you may have more than one user accessing the same database, sometimes it may even be interesting to create someone for application itself, others for administrative routines, backup, etc.
Browser other questions tagged php mysql security-guard
You are not signed in. Login or sign up in order to post.
He must have only the ones he really needs. He must not have any more.
– Bacco
Never provide, create an application that makes every connection to the bank through your code
– Sveen