Making a Stand Alone SQL Account

A very simple thing you can do to make your sites more secure is to use a separate SQL user for your web apps.

One of the ways to secure your web apps is to limit the damage they can cause. When you create a database for a webapp, you have to provide a user ID and password to connect to the database, logically enough. Illogically, most people just use the same username and password they use to SSH into their server. After all, it works.

The obvious problem with this is that if someone gets access to your files (via a security hole in your webapp or your webhost), they now know your server password and ID, and can get in and cause serious damage.

But what if, instead of using that normal ID and password, you made a special one that was only used for SQL? You couldn’t log in with it, you couldn’t FTP or anything except play with SQL. Then, even if they got in, they couldn’t delete your files! That’s really simple.

cPanel

If you’re using cPanel, just go into the MySQL Databases screen and add a new user. I like to use something totally obvious, so I can remember it, like ipstenu_sql.

MySQL - Add New User

For those passwords, I tend to use the generator to make something like m}+akwQN=&)!, not because I feel they’re more secure (I prefer pass-phrases, like ‘donkeyvanillatapdance’), but as a reminder for me not to use it for anything but SQL. Hang on to the password for now, though; you’ll want it in a minute.

Then you add the user to the databases. Back on the main MySQL page, there’s a little selection to Add User to Database which is really obvious to use. Pick your user and your database.

Clicking Add will take you to the privileges screen:

Manage User Privileges

Give the user ALL privileges, as you may need this later on.

Plesk

It’s just as easy in Plesk. Once your new database was created, you were automatically brought to the area to create the New Database User. If you didn’t do that, it’s okay, just go back to the main database page and find the database you want to add the user to (in this case, it’s LovePlesk_NewDatabase). Click on the Add New Database User icon, fill in the information (remember to save your password!), and click okay.

Plesk should automatically grant the user ALL privileges.

Updating Your WebApp

Once you have the new user made, all you have to do is edit your config file (e.g. wp-config.php for WordPress) to use the new user and password, and hit save.

Now you’ve made your install a little more secure.
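
As an added example (not part of the original post), here is a small Python check that reads DB_USER from a wp-config.php and flags it when the same name is also a login account in passwd-format data. The sample config, the passwd lines, the database name and the login name ipstenu are constructed for illustration; a matching name is only a hint that the credentials are shared, not proof.

```python
import re

# Only the non-secret settings are extracted; DB_PASSWORD is deliberately skipped.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(DB_NAME|DB_USER|DB_HOST)\1\s*,\s*(['"])(.*?)\3\s*\)""")

# Shells that mean "this account cannot open an interactive session".
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample inputs (not taken from any real server).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'ipstenu_blog' );
define( 'DB_USER', 'ipstenu' );
define( 'DB_PASSWORD', 'placeholder-not-a-real-password' );
define( 'DB_HOST', 'localhost' );
"""
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
ipstenu:x:1001:1001::/home/ipstenu:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
"""

def db_settings(wp_config_text):
    """Return the DB_NAME / DB_USER / DB_HOST values defined in the config text."""
    return {m[1]: m[3] for m in DEFINE_RE.findall(wp_config_text)}

def login_accounts(passwd_text):
    """Return account names whose passwd entry has a usable login shell."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            names.add(fields[0])
    return names

def audit(wp_config_text, passwd_text):
    """Return a list of findings; an empty list means DB_USER is not a login name."""
    user = db_settings(wp_config_text).get("DB_USER")
    if user is None:
        return ["DB_USER not found in config"]
    if user in login_accounts(passwd_text):
        return [f"DB_USER '{user}' is also a login account; use an SQL-only user"]
    return []

if __name__ == "__main__":
    print(audit(SAMPLE_WP_CONFIG, SAMPLE_PASSWD))  # one finding
    fixed = SAMPLE_WP_CONFIG.replace("'ipstenu'", "'ipstenu_sql'")
    print(audit(fixed, SAMPLE_PASSWD))  # no findings
```

On a real server you would pass in the contents of your own wp-config.php and /etc/passwd instead of the samples.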

2 replies on “Making a Stand Alone SQL Account”

I think about 75% of my readers already do this, but I know I’m pulling in some of the newer folk, and they do ask this 😉 You have to learn somewhere, and generally this gets skipped, in my experience.