MySQL and usernames...

martekbiz

Member
Mar 17, 2004
17
0
151
Hi all,

When I create a new account in WHM, I noticed that a MYSQL user is also created.

Since this is the case, WHY is it that when in Cpanel I go to create a database, etc... I cannot use the username that was already created and instead have to use something that looks like: username_ (the _ appended after the username)?

It looks ugly and makes no sense!

Any ideas????

Thanks!

Aaron
 

martekbiz

Member
Mar 17, 2004
17
0
151
Re: Re: MySQL and usernames...

Originally posted by snickn
Why's it matter what it looks like? C'mon now.
Alright, I can accept that... but why the hell do you need two different usernames for the same user????

A
 

elleryjh

Well-Known Member
Apr 12, 2003
479
0
166
You can create new users with fewer user privs (like just 1 db or just SELECT privs) than your mail mysql db. It's also less risky to expose a mysql db password in a script than your main account password.
 

fishfreek

Well-Known Member
Jan 2, 2004
238
0
166
WHY is it that when in Cpanel I go to create a database, etc... I cannot use the username that was already created and instead have to use something that looks like: username_ (the _ appended after the username)?
You do?

Maybe this is something new in some new release of cpanel but back before i knew better I would create databases and run them with my main cpanel username/password with no problems at all.

Now that was a while ago and I wised up as to why thats not the best idea in the world.

Let me give you a little rundown on why I dont think its a good idea. Lets say for some god forbid reason your database is hacked by someone finding an exploit in some php, or asp, or java code and they obtain your username and pass and database name that you use to connect to your database. If this username/pass is the exact same as your cpanel account then its very easy for them to hack into your account and cause all kinds of bad things.

By making the username/pass for the database different than that of your cpanel account if the above happens then about the only thing they can do is compromise your database and steal info or delete info. Neither is good but both is better than a total loss by compromising your main account info.