2

I installed my MariaDB and phpMyAdmin. I created a new user with all the Grant and Super privileges. And I deleted the "root" user for safety. Perfect.

As I followed an article: make a different user for writing, a different user for deleting, and so on. All for your website to use. Perfect.

Then, when set and ready: do not have a user account that can do everything and anything, for safety reasons. So I removed some privileges from my new Grant Super User.

Oh oh, I ticked the wrong box and now my Grant Super User can't see all the other users and can't create new users anymore.

And now I am lost in logic. My DB is now handicapped, as I cannot toy around anymore with adding users and other settings. Now, I believe, I need to delete and install a new MariaDB on my Linux just to get a database back where I am in control.

Am I now understanding correctly that, for security reasons, it's best to have a user account for every single option, from creating new users to adding an element to a table? And to give arbitrary names to all these user accounts so that no outsider (hacker) who sees these user accounts gets any wiser? Or am I completely missing the ball?

1 Answer

5

Now, I believe, I need to delete and install a new MariaDB on my Linux just to get a database back where I am in control

You can regain control by starting the server with the --skip-grant-tables option, which disables permission checks and allows you to fix user privileges from the MySQL shell.


Am I now understanding correctly that for security reasons; it's best to have a userAccount for every single option, from creating new Users to adding an element to a table? And to give arbitrary names to all these userAccounts so not outsider(hacker) who sees these userAccounts gets any wiser?? Or am I completely missing the ball?

It's not recommended to create a separate user account for every single privilege or operation; that would be overkill and difficult to manage.

Start by securing the server environment itself (firewalls, local-only access, etc.), and ensure your application code uses parameterized queries to prevent SQL injection.

Restrict the root user so it can only connect locally (localhost), and reserve it strictly for DBA tasks such as user management, backups, and schema changes.

For your application, create a dedicated user with only the required privileges such as SELECT, INSERT, UPDATE, DELETE. If your application also handles schema changes, you'll need to extend those privileges accordingly, though it's generally best to separate administrative tasks from app logic.


Consider using Roles, which are collections of privileges that can be granted to or revoked from users. Roles simplify privilege management and improve security by grouping access levels logically.

Ergest Basha
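The recovery the answer describes, written out as an added example (not part of the answer or of any MariaDB documentation). Assumptions: the account that lost its user-management rights is called 'admin'@'localhost', the service and binary names (mariadb, mysqld_safe, mysql) are those of a typical Linux package and vary by distribution, and the password is a placeholder. The important caveat is that while --skip-grant-tables is in effect nobody is authenticated at all, so the daemon is started with --skip-networking as well and is shut down again as soon as the grants are fixed.

```sql
-- Added example (not from the answer): regaining control of a MariaDB server
-- after the only administrative account lost its privileges (or was dropped).
-- Assumed names: 'admin'@'localhost', service "mariadb", binaries mysqld_safe
-- and mysql (called mariadbd-safe / mariadb on newer packages).

-- Step 1 (shell, as root on the server): stop the service and start the daemon
-- with privilege checks disabled. --skip-networking is added deliberately:
-- with grant checks off, every connection is a superuser, so restrict
-- connections to the local socket for the duration of the repair.
--   sudo systemctl stop mariadb
--   sudo mysqld_safe --skip-grant-tables --skip-networking &
--   mysql -u root          -- any user name works; no password is checked

-- Step 2 (in the SQL shell): load the grant tables again. Without this,
-- account-management statements fail with "The MariaDB server is running
-- with the --skip-grant-tables option so it cannot execute this statement".
FLUSH PRIVILEGES;

-- Step 3: put the privileges back. The session opened in step 1 keeps its
-- unrestricted access after the flush, so GRANT is accepted. If the account
-- was deleted outright (as root was in the question), create it first.
-- Binding the account to 'localhost' means it can never be used remotely.
CREATE USER IF NOT EXISTS 'admin'@'localhost' IDENTIFIED BY 'replace-with-a-strong-password';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

-- Step 4: verify. The output should contain
-- "GRANT ALL PRIVILEGES ON *.* TO `admin`@`localhost` ... WITH GRANT OPTION".
SHOW GRANTS FOR 'admin'@'localhost';

-- Step 5 (shell): shut the repair instance down and start the service
-- normally. Because the grant tables were reloaded in step 2, new
-- connections are authenticated again, so the restored password is required
-- here; a rejected login means step 3 did not take.
--   mysqladmin -u admin -p shutdown
--   sudo systemctl start mariadb
```

If phpMyAdmin was used to tick the wrong box, log in with the restored account afterwards and check the "Privileges" tab before revoking anything again; revoke only privileges the account does not need for its job, never the ones it needs to administer other users (CREATE USER, GRANT OPTION, and SELECT on the mysql database).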
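The least-privilege layout the answer recommends (one application user with only DML rights, administration kept separate, roles to group privileges), as an added example that is not part of the answer. Assumptions: the application schema is called shop, all accounts connect from localhost, and every password is a placeholder. It goes slightly beyond the answer by adding a separate migration account for schema changes.

```sql
-- Added example (not from the answer): least-privilege accounts for one web
-- application in MariaDB, using roles. Assumed names: schema "shop", users
-- shop_app / shop_report / shop_migrate, roles shop_reader / shop_writer.

-- Roles hold the privileges; users only receive roles. Changing what "the
-- writer" may do is then one GRANT/REVOKE on the role, not a change per user.
CREATE ROLE IF NOT EXISTS shop_reader;
CREATE ROLE IF NOT EXISTS shop_writer;

-- Read-only reporting: SELECT on the application schema, nothing else.
GRANT SELECT ON shop.* TO shop_reader;

-- The application itself: row-level DML only. No CREATE/ALTER/DROP, no FILE,
-- no SUPER, no GRANT OPTION, and nothing outside the shop schema, so an SQL
-- injection in the app cannot read mysql.user or write files on the server.
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO shop_writer;

-- Application account. Restricting the host part to localhost (or the app
-- server's address) makes a leaked password useless from anywhere else.
CREATE USER IF NOT EXISTS 'shop_app'@'localhost' IDENTIFIED BY 'replace-me-app';
GRANT shop_writer TO 'shop_app'@'localhost';
-- A granted role is inactive until enabled; making it the default role means
-- the application does not have to issue SET ROLE after connecting.
SET DEFAULT ROLE shop_writer FOR 'shop_app'@'localhost';

-- Reporting account for dashboards and analysts: read-only via the role.
CREATE USER IF NOT EXISTS 'shop_report'@'localhost' IDENTIFIED BY 'replace-me-report';
GRANT shop_reader TO 'shop_report'@'localhost';
SET DEFAULT ROLE shop_reader FOR 'shop_report'@'localhost';

-- Schema changes (migrations) get their own account, used only during
-- deployments and never by the running application.
CREATE USER IF NOT EXISTS 'shop_migrate'@'localhost' IDENTIFIED BY 'replace-me-migrate';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX
    ON shop.* TO 'shop_migrate'@'localhost';

-- Check the result. The app user's own grants show only USAGE plus the role;
-- its effective privileges are those of shop_writer.
SHOW GRANTS FOR 'shop_app'@'localhost';
SHOW GRANTS FOR shop_writer;

-- Tightening later is one statement on the role and applies to every user
-- holding it, e.g. if the application turns out never to delete rows:
REVOKE DELETE ON shop.* FROM shop_writer;
```

Note that none of these accounts can create users or grant privileges; that stays with the local-only administrative account described in the answer, which is the one thing you must not revoke from yourself.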