MySQL – How many database users/admins should be created for a website


I have created a CMS website that only had one database connection for both the admin area and the user area, and it only had one user ("root") with no password. Now I want to upload it, but I am not sure whether I should create 2 different users (and two distinct connections), one for the admin and the other just for displaying purposes for the site visitor (making it more restrictive), in order to keep it more secure. Or does it not matter how many users one creates when looking at it from a security point of view?

Best Answer

You should at least not be using root for your application. The rest completely depends on how the application was developed. It sounds like you wrote it yourself, so my opinion is based on that.

My suggestion is to use two accounts, as you said: one for write access (to the CMS database only) and one with read-only access (again, only for your CMS database). That way, if you have any kind of vulnerability with, for instance, the display portion of your application, you can somewhat potentially limit the damage an attacker can do.

You could do it with one user for the whole CMS; most applications you could download like WordPress and so on do it this way to make installation easier and because some hosts don't allow more than one user account. If you have the means to do so, I prefer to isolate roles as much as possible.

The reasons to not use root are many, but basically you want to give the user the minimal set of permissions needed; if an attacker gains access through your root account, they can create new users, delete data, change configuration variables, and much, much more. If they gain access through a limited account that only has access to read and write to your CMS database, they can't create accounts, they can't delete other databases, and they can't insert malicious data into other databases. They might mess with your CMS database, but it's the principle of limiting the damage at that point.
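
The two-account setup described in the answer, written out as MySQL statements. This is an added example, not part of the original question or answer. The database name `cms`, the account names `cms_read` and `cms_write`, the `localhost` host and the placeholder passwords are all assumptions to replace with your own values.

```sql
-- Run once as an administrative account; the application never uses this account.
-- Assumed names: database `cms`, accounts `cms_read` and `cms_write`.

-- The question's root account has no password: give it one first.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'REPLACE_WITH_ROOT_PASSWORD';

-- Visitor-facing pages connect with this account: read-only, CMS database only.
CREATE USER 'cms_read'@'localhost' IDENTIFIED BY 'REPLACE_WITH_READ_PASSWORD';
GRANT SELECT ON cms.* TO 'cms_read'@'localhost';

-- Admin area connects with this account: row-level writes, CMS database only.
-- No CREATE USER, GRANT OPTION, DROP, FILE or SUPER, and nothing on other schemas.
CREATE USER 'cms_write'@'localhost' IDENTIFIED BY 'REPLACE_WITH_WRITE_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE ON cms.* TO 'cms_write'@'localhost';

-- Check 1: each account should show only USAGE globally plus its grant on cms.*.
SHOW GRANTS FOR 'cms_read'@'localhost';
SHOW GRANTS FOR 'cms_write'@'localhost';

-- Check 2: list schema-level privileges for both accounts; every row should
-- have table_schema = 'cms', and cms_read should have only SELECT.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee IN ("'cms_read'@'localhost'", "'cms_write'@'localhost'")
ORDER BY grantee, privilege_type;

-- Check 3: no account should be left with an empty password.
SELECT user, host
FROM mysql.user
WHERE authentication_string = '' AND account_locked = 'N';
```

Schema migrations (CREATE TABLE, ALTER TABLE) are deliberately left out of `cms_write`; run those by hand from an administrative session so the web application never holds DDL rights.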