You’re probably wondering what I’m talking about here, but to clarify it’s database speak and a DBA is a database administrator  :-) So why do you need to concern yourself with such jargon? Well if you’ve deployed a PHP/MySQL (or other scripting language or database) web application, then you need a basic understanding of this stuff.

You need to keep in mind when installing anything on your website or blog that you are working in a secured environment and must be vigilant.

I regularly develop and also install PHP/MySQL scripts for clients, which perform a wide range of functions and I am often asked to “clean up the mess”.  I want to share a mistake that I regularly see because it’s very important and could threaten your website or blog’s security.

When you install a script that interacts with a database, the script accesses the database by logging into it. This information is typically stored in a configuration file which contains your database login information. This enables the script to complete its required actions which will include adding, updating and deleting records etc.

When you create your database(s) via your hosting account control panel, you add users to the database that are authorised to access it. It is extremely important to realise that you can and must vary the privileges that you grant to these users to minimise risk. Hosts often refer to these differing permissions generically as follows:-

  • Read only - as it suggests, records can be accessed but not altered.
  • Read/Write - records can be accessed and altered.
  • DBA (database administrator) has unlimited access to the database and can do whatever they want, including destroying the entire database.
    • MySQL DBA database privileges
    MySQL DBA database privileges

    This table shows the full list of privileges available to a DBA. I often see script installations which use a DBA login and this is an extremely risky practice because if a hacker gains access to your database credentials, they have unlimited access to rape and pillage your database.

    So What Do I Do?

    When creating your database(s) be sure to allocate several users, one of which is a DBA with unlimited access and another with limited read/write access. The DBA login is required so that the database can be created in the first place and to allow its tables and fields etc. to be added. Once your database and its structure are in place you then alter the user to the read/write access.

    Like this post? Subscribe to my RSS feed and get loads more!