I am currently using MySQL for my Rails application. In my database.yml, I have the following:
production:
  adapter: mysql2
  database: application_name_production
  username: root
  password: password
  host: localhost
I’m wondering, is it ok to connect to the database as user root? Will it be any less secure than using another user other than root?
This is stored in plaintext, so yes, it’s a very bad thing to do. If someone ever gets access to your webserver, he can read the password. And hey, it’s probably the same password for the user root to access the whole system 🙂
Create a database user that can only work with the application specific database. Then only that data can be stolen/edited/destroyed if someone steals your database.yml. Do not use a password that has been used elsewhere.
As you can expect, a hacker will immediately search for database.yml files using an automated script when he breaks into your system. So within one second of entering your system, he can access all your data.
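The kind of application-scoped account the answer recommends, as an added example that is not part of the question or the answer above. The user name `app_user`, the `localhost` host restriction and the placeholder password are assumptions; the database name is the one from the posted database.yml.

```sql
-- Added example: a MySQL account that can only touch the application's
-- own database, to replace root in database.yml.
-- 'app_user' and 'localhost' are assumed names; replace CHANGE_ME with a
-- password generated for this account alone (never reuse another one).
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- Grant rights on the application database only, never ON *.*.
-- ALL PRIVILEGES on this one schema covers migrations; a stricter split
-- would give the running app just SELECT/INSERT/UPDATE/DELETE.
GRANT ALL PRIVILEGES ON application_name_production.* TO 'app_user'@'localhost';
FLUSH PRIVILEGES;

-- Check: the only global entry should be USAGE ON *.* (i.e. "can log in"),
-- followed by the single grant on application_name_production.
SHOW GRANTS FOR 'app_user'@'localhost';

-- Weak configuration this replaces, shown for contrast (do not run):
-- GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost';
```

After creating the account, point `username:`/`password:` in database.yml at `app_user` and its new password, and change the root password, since the old one has been sitting in a plaintext file. With this setup a stolen database.yml exposes only application_name_production, not every database on the server.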