The basis of security for your MySQL server is this: Users should have appropriate access to the data they need, no more and no less. In other words, users should not have too much access to too much data. Consider the following:
These are just examples, but they help demonstrate an important point. You need to provide users with the access they need and just the access they need. This is known as access control, and managing access control requires creating and managing user accounts.

Tip: Use MySQL Administrator
The MySQL Administrator (described in Chapter 2, "Introducing MySQL") provides a graphical user interface that can be used to manage users and account rights. Internally, MySQL Administrator uses the statements described in this chapter, enabling you to manage access control interactively and simply.

Back in Chapter 3, "Working with MySQL," you learned that you need to log in to MySQL in order to perform any operations. When first installed, MySQL creates a user account named root, which has complete and total control over the entire MySQL server. You might have been using the root login throughout the chapters in this book, and that is fine when experimenting with MySQL on non-live servers. But in the real world you'd never use root on a day-to-day basis. Instead, you'd create a series of accounts: some for administration, some for users, some for developers, and so on.

Note: Preventing Innocent Mistakes
It is important to note that access control is not just intended to keep out users with malicious intent. More often than not, data nightmares are the result of an inadvertent mistake: a mistyped MySQL statement, being in the wrong database, or some other user error. Access control helps avoid these situations by ensuring that users are unable to execute statements they should not be executing.

Caution: Don't Use root
The root login should be considered sacred. Use it only when absolutely needed (perhaps if you cannot get in to other administrative accounts). root should never be used in day-to-day MySQL operations.
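The set of purpose-specific accounts the text recommends in place of day-to-day root use, written out as an added example that is not from the book. The database name crashcourse, the account names, hosts, passwords and the customers table are all assumptions for illustration; the statements themselves are standard MySQL CREATE USER, GRANT and SHOW GRANTS syntax.

```sql
-- Added example (not from the book): replacing day-to-day root use with
-- accounts that hold only the rights each role needs. Database name,
-- account names, hosts, passwords and table names are assumed.

-- Ordinary users: read-only, and only within one database.
CREATE USER 'reporting'@'localhost' IDENTIFIED BY 'assumed-strong-password-1';
GRANT SELECT ON crashcourse.* TO 'reporting'@'localhost';

-- Developers: may read and change rows, but cannot alter or drop tables
-- and cannot create other accounts.
CREATE USER 'dev'@'localhost' IDENTIFIED BY 'assumed-strong-password-2';
GRANT SELECT, INSERT, UPDATE, DELETE ON crashcourse.* TO 'dev'@'localhost';

-- Database administrator: full rights on this one database (schema changes
-- included), but no server-wide privileges such as CREATE USER or SHUTDOWN,
-- because the grant is scoped to crashcourse.* rather than *.*.
CREATE USER 'dbadmin'@'localhost' IDENTIFIED BY 'assumed-strong-password-3';
GRANT ALL ON crashcourse.* TO 'dbadmin'@'localhost';

-- Check that each account holds exactly the rights intended and nothing more.
SHOW GRANTS FOR 'reporting'@'localhost';
SHOW GRANTS FOR 'dev'@'localhost';
SHOW GRANTS FOR 'dbadmin'@'localhost';

-- The "innocent mistake" case from the text: connected as 'reporting'
-- (from a separate session: mysql -u reporting -p crashcourse), a stray
-- DELETE is refused instead of wiping the table.
-- DELETE FROM customers;
-- ERROR 1142 (42000): DELETE command denied to user 'reporting'@'localhost'
--                     for table 'customers'
```

Privileges granted with GRANT take effect immediately, so no FLUSH PRIVILEGES is needed here. On MySQL 8.0 the CREATE USER statement must come first, because GRANT no longer creates a missing account implicitly as older versions did. Keeping the host part of each account narrow ('localhost' rather than '%') limits where a leaked password can be used from.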