Hi,
I’m currently exploring different hosting options for a new website. My current host allows me to create different users with different permissions via cPanel, so I have one user/password for selecting, another one for updating, inserting, deleting, and a third for superAdmin access (backing up tables, for example). For some other hosts, I’ve noticed that with a “custom platform”, they just allow one user/password combination. Would this be considered a significant security flaw?
In my mind it probably depends on how the users are being used. If you’re using something like WordPress or whatever else, and you’re essentially storing your connection info in a config file or constants file… to me it just doesn’t matter whether you’re using one user or fifteen, if one gets discovered (because of bad server/website security) they all do.
If you use one that’s got a decent authentication and only has access to its own db, that’s not the end of the world, to me.
However, if your application allows for the compartmentalization of that information… my default is to always compartmentalize as long as it makes sense? As long as it makes rational sense and is more secure in some way… then do it!
Thanks for the response! And, I appreciate your points made in the first paragraph. However, can you please clarify what you mean by “compartmentalization of that information”?
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.