What's the best way to handle Databases and Users?

lewis-teck

So ever since I got into managing websites in my teenage years, I got into a habit with databases and users, as while I understood how to get them to work together, I didn't quite understand what their differences are. So since then, I have had a specific way of working and it's never changed since. My structure is:

Database: cpanel_forum
User: cpanel_forum
Password: forum

I would then link these two, and one database would always have the same name mirrored into users. You would never see two users or mismatched names with a database.

However, with security becoming a bigger issue, this method of handling databases and users did come into my mind as a potential risk, so I'm here to discuss.

In fact to be quite honest (and albeit embarrassing to admit), I've done that method for so long, that even owning my own VPS, I still don't know the relationship and uses of a database and user and how they link.

Am I in any danger or generating any risk by organising my databases, users and passwords in this way? And how exactly does a user contribute to a database and what would the benefits be of different methods, like multiple users per database, or one user for all databases?

Thanks!
 

linuxchef

The naming or the format can be redefined and can differ from person to person, but what I think is to provide numbers for the database and user so that a hacker won't guess it, instead of using cpanel_forum, cpanel_blog, cpanel_joomla, etc.

Database: cpanel_72284
User: cpanel_892654
Password: xxxxxx

Here the important thing is how secure the permissions are that you have on the configuration file and on MySQL remote connections. Also, you must not allow SQL injection with your buggy code. Security is the thing you continuously keep watch on. I found lots of good material on the web, like "MySQL :: Security in MySQL".



Regards,
Silvester J
 

lewis-teck

What is the risk that someone does use a database/username/password to gain access though? I recall being able to log in directly to MySQL in the past but since that's long gone, is there any risk with it when my FTP, cPanel and similar access are all secured?

Thankfully I only use reputable code; projects like Joomla, MyBB, osTicket...
 

cPanelMichael

Administrator
Staff member
"Am I in any danger or generating any risk by organising my databases, users and passwords in this way? And how exactly does a user contribute to a database and what would the benefits be of different methods, like multiple users per database, or one user for all databases?"
Hello,

I personally wouldn't want to use a password that was guessable based on the database name/username naming convention. It's easy to change a database user's password directly from cPanel or Web Host Manager in the event you need the password for a specific database user. A more likely risk is that if you host multiple users, a malicious user could check to see if that same naming convention works for other accounts on the server.

Thank you.
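
Added example, not part of the thread and not cPanel code: a small audit that flags database passwords derivable from the database/user naming convention discussed above. The inventory entries, the function names and the 12-character minimum are assumptions made for the illustration.

```python
import re

# Constructed sample inventory using the naming styles mentioned in the thread.
SAMPLE = [
    {"database": "cpanel_forum", "user": "cpanel_forum", "password": "forum"},
    {"database": "cpanel_blog", "user": "cpanel_blog", "password": "Blog2016!"},
    {"database": "cpanel_72284", "user": "cpanel_892654", "password": "q7#Vt2p!Lz9wRk4s"},
]

def name_tokens(*names):
    """Split identifiers like 'cpanel_forum' into lowercase tokens of 3+ chars."""
    tokens = set()
    for name in names:
        lowered = name.lower()
        tokens.add(lowered)
        tokens.update(t for t in re.split(r"[^a-z0-9]+", lowered) if len(t) >= 3)
    return tokens

def strip_decoration(password):
    """Lowercase and drop leading/trailing digits and punctuation often appended."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())

def audit(entry, min_length=12):
    """Return a list of findings for one database/user/password entry."""
    findings = []
    pw = entry["password"]
    tokens = name_tokens(entry["database"], entry["user"])
    core = strip_decoration(pw)
    if pw.lower() in tokens or core in tokens:
        findings.append("password is derived from the database or user name")
    elif any(t in pw.lower() for t in tokens):
        findings.append("password contains the database or user name")
    if len(pw) < min_length:  # assumed policy threshold, not a cPanel default
        findings.append(f"password shorter than {min_length} characters")
    return findings

def audit_all(entries):
    """Map each database user to its list of findings (empty list means clean)."""
    return {e["user"]: audit(e) for e in entries}

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE).items():
        print(user, "->", findings or "ok")
```

Run it against an export of your own database users; any entry with findings should get a new, randomly generated password set from cPanel or Web Host Manager.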