Php/mysql

rakennedy75

My work uses mysql/php and I have become aware that that the mysql uses the root as for everyone in our company. There is currently only three of us that have access to the server.

I was just wondering if there is any specific articles that anyone knows about that can give me more information on the security risks by using root for everyone.

Thanks for your time.

yelvington

The MySQL manual?

http://dev.mysql.com/doc/mysql/en/Security_guidelines.html

Keep in mind that the mysql account "root" is not the same as the server account "root."

In general, each PHP application that uses the MySQL server ought to have its own account and its own database. This may not be possible on a low-end commercially hosted site (often you get just one db and one login) but it's a good practice if you admin your own server.