Reputation: 19298
PHP MYSQL security regarding delete grant
I am quick new to web application development, and i am developing a small application at the moment.
Just wondering is it bad practice to grant DELETE on an MySQL user privileges. At the moment when delete i just change one of the field in the database. say for example 'status' i just updated to '0' instead '1'. Which way is the correct way to doing it? Please give me a guide. Thanks
Upvotes: 1
Views: 59
Answers (1)
Reputation: 522382
It's a good idea to give your users/application only exactly the privileges it needs. If your app never ever issues DELETE queries, it does not need that permission; not giving it that permission reduces the risk of accidentally or maliciously losing data.
It's not usually a paramount thing, but if you can, why not? It may introduce some overhead of needing to manage the SQL permissions on top of all the other things you already have to manage though.
Upvotes: 1
Related Questions
- Revoke only delete from user with all privileges on MySQL
- MySQL: DELETE permission requires SELECT permission?
- PHP ask password before delete
- Mysql remove row - security issue
- Mysql restrict on delete check
- Give logged in user delete option only
- how to allow delete only if user is admin in php
- What is the best way to protect Mysql Delete statements?
- mysql php security
- safest way to let users with no login to delete mysql entry