Say you created a blog application, and its data is stored in a MySQL database. In your application configuration you set the data source name to myBlog, user root, password whatever.
Now, when users start using your blog to access, post to, and comment on threads, etc… I am assuming they connect as root through the application myblog …
So… users connect to the application myBlog who in turn connects to MySQL as user root , using password whatever — it’s not really the users that are connecting to MySQL, it’s the application. Correct?
Is there not a security issue with this approach? Should I create a new username in MySQL for the application myBlog with specific privileges and leave root only for administering the database?
yes, the application connects to the db. you should create a new mysql user for your application, do something like
something like the above should do it. The ‘env’ part of the above is for if you want to create a new db for different environments, like dev, stage, prod, whatever….
this way your application user has complete access to its db, but no other dbs in the mysql instance.
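A sketch of the setup this answer describes, added here as an illustration and not the answerer's own code. The database names `myblog_dev` and `myblog_prod`, the accounts `myblog_dev_app` and `myblog_prod_app`, the `localhost` host and the passwords are all hypothetical placeholders.

```sql
-- Run once as an administrative account (for example root); the application never uses it.
-- All names and passwords below are placeholders chosen for this example.

-- One database per environment, following the 'env' suffix idea in the answer.
CREATE DATABASE IF NOT EXISTS myblog_dev  CHARACTER SET utf8mb4;
CREATE DATABASE IF NOT EXISTS myblog_prod CHARACTER SET utf8mb4;

-- One account per environment, limited to connections from the application host.
CREATE USER IF NOT EXISTS 'myblog_dev_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_DEV_PASSWORD';
CREATE USER IF NOT EXISTS 'myblog_prod_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_PROD_PASSWORD';

-- Full access to the account's own database and nothing else.
-- (A narrower list such as SELECT, INSERT, UPDATE, DELETE also works
--  if the application never changes the schema itself.)
GRANT ALL PRIVILEGES ON myblog_dev.*  TO 'myblog_dev_app'@'localhost';
GRANT ALL PRIVILEGES ON myblog_prod.* TO 'myblog_prod_app'@'localhost';

-- Check 1: the effective grants. Expect a global USAGE line (no global
-- privileges) plus one line scoped to myblog_prod.*.
SHOW GRANTS FOR 'myblog_prod_app'@'localhost';

-- Check 2: no global privileges other than USAGE for the application accounts.
-- An empty result is the expected outcome.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE IN ('''myblog_dev_app''@''localhost''',
                  '''myblog_prod_app''@''localhost''')
  AND PRIVILEGE_TYPE <> 'USAGE';

-- Check 3: each account holds schema-level privileges on exactly one database.
-- Any row returned here means an account can reach more than its own db.
SELECT GRANTEE, COUNT(DISTINCT TABLE_SCHEMA) AS schemas_reachable
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE IN ('''myblog_dev_app''@''localhost''',
                  '''myblog_prod_app''@''localhost''')
GROUP BY GRANTEE
HAVING COUNT(DISTINCT TABLE_SCHEMA) > 1;
```

The application's data source configuration then uses the per-environment account and password instead of root.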