The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What's the best way to handle Databases and Users?

Discussion in 'Database Discussions' started by lewis-teck, Jun 9, 2016.

  1. lewis-teck

    lewis-teck Member

    Joined:
    Apr 28, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    So ever since got in to managing websites in my teenage years, I got in to a habit with databases and users as while I understood how to get them to work together, I didn't quite understand what their differences are. So since then, I have had a specific way of working and it's never changed since. My structure is:

    Database: cpanel_forum
    User: cpanel_forum
    Password: forum

    I would then link these two, and one database would always have the same name mirrored in to users. You would never see two users or mismatched names with a database.

    However with security becoming a bigger issue, this method of handing databases and users did come in to my mind as a potential risk, so I'm here to discuss.

    In fact to be quite honest (and albeit embarrassing to admit), I've done that method for so long, that even owning my own VPS, I still don't know the relationship and uses of a database and user and how they link.

    Am I in any danger or generating any risk by organising my databases, users and passwords in this way? And how exactly does a user contribute to a database and what would the benefits be of different methods, like multiple users per database, or one user for all databases?

    Thanks!
     
  2. linuxchef

    linuxchef Member

    Joined:
    Jan 23, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The naming or the format can redefined and differ from person to person but what i think is to provide numbers for database and user so that hacker wont guess it , instead of using cpanel_forum, cpanel_blog, cpanel_joomla etc

    Database: cpanel_72284
    User: cpanel_892654
    Password: xxxxxx

    Here the important thing is how secure permission you have on configuration file and mysql remote connections. also you must not allow sql injection with your buggy code. Security is the thing you continuously keep watch on it. found lots of good material on web
    like
    MySQL :: Security in MySQL



    Regards,
    Silvester J
     
    #2 linuxchef, Jun 10, 2016
    Last edited by a moderator: Jun 10, 2016
  3. lewis-teck

    lewis-teck Member

    Joined:
    Apr 28, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    What is the risk that someone does use a database/username/password to gain access though? I recall being able to log in directly to MySQL in the past but since that's long gone, is there any risk with it when my FTP, cPanel and similar access are all secured?

    Thankfully I only use reputable code; projects like Joomla, MyBB, oSTicket...
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I personally wouldn't want to use a password that was guessable based on the database name/username naming convention. It's easy to change a database user's password directly from cPanel or Web Host Manager in the event you need the password for a specific database user. A more likely risk is that if you host multiple users, a malicious user could check to see if that same naming convention works for other accounts on the server.

    Thank you.
     
Loading...
Similar Threads - What's best handle
  1. speckados
    Replies:
    1
    Views:
    296

Share This Page