Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Home LAMP webserver update- passwords, users, MySQL, phpmyadmin, Wordpress, oh my
- Date: Fri, 26 Jun 2015 18:09:28 +0900
- From: Kevin Sullivan <csr-kts@example.com>
- Subject: Re: [tlug] Home LAMP webserver update- passwords, users, MySQL, phpmyadmin, Wordpress, oh my
- References: <558CFD2C.104@gol.com> <CAAhy3dtzwxafzBR2mz=gA7ofR829suia3fo8o7v6XbhnA+oH6Q@mail.gmail.com>
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
Thanks for the reply. Concerning "database" is only one necessary? When MySQL installed, it created -one-database for "root" with password.
PHPmyadmin also (?maybe?) wanted -to me anyway- another? database.Now wordpress... of which I would like to rename/delete/create another database named more like my website.
Then we have the restricted access .htaccess files with passwords for the admin areas of wordpress and phpmyadmin, etc.
Maybe getting better, thanks. Kevin On 6/26/2015 5:09 PM, Raymond Wan wrote:
On Fri, Jun 26, 2015 at 3:20 PM, Kevin Sullivan <csr-kts@example.com> wrote:-Installing MySQL, it wants a user, password, and a database name, user password -Installing phpmyadmin, it also wants user, password, database name -Wordpress wants mysql superuser name and password, then apparently another wordpress user name, and pw.... What reasonably secure way to handle this myriad of users? Can/should I stick to just one user/pw for each component? deal with remembering different users/pws? What makes sense here for a single-user-administered website serving (for now) one Wordpress installation?I have very little experience with WordPress and a bit more (but not much) of Joomla. MySQL will have to have a root user. Some people create a separate database administrator account with less access than root to do most tasks. Whichever you choose (a root or DBA account), phpmyadmin will need access to it. And, unless you want your users to be issuing SQL commands (probably not), you should probably ensure access is only via localhost, given your "single-user-administered" system. As for WordPress, it needs access to the database. You can give it the same DBA password or create a separate one with even less access than the DBA. But across WordPress installations, I think you can just change the underlying database for each user, but keep the account to be the same? Indeed, at each level you mentioned, you can create another account such that each one has less (limited) access compared to the one above it. But, I'm not sure if that's needed. You probably want to invest your time in keeping WordPress up-to-date by applying the latest patches, instead... And/or putting yourself on the security mailing list of WordPress to keep you informed of important updates. All IMHO, of course... Ray
- References:
- Prev by Date: Re: [tlug] Home LAMP webserver update- passwords, users, MySQL, phpmyadmin, Wordpress, oh my
- Next by Date: Re: [tlug] Help with Mint
- Previous by thread: Re: [tlug] Home LAMP webserver update- passwords, users, MySQL, phpmyadmin, Wordpress, oh my
- Next by thread: [tlug] [announcement] July 11 Technical Meeting
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |