Certain users edit database

Question

I was wondering if there was a way of going about having only certain users able to delete tables from an sql database using PHP, for example only managers are allowed to add and delete whereas others users can only view them?

Answer 1

It is possible.

First, in most popular databases there are users who are granted some privileges. You can make some users "better" allowing them editing and deleting, while make others "worse", eg. allowing them only searching.

You can do this by connecting to the db as specific user.

Secondly, you can make your PHP program in such way, that registered user has some specific privileges, but you verify them on the PHP side, connecting to the db always as an "almighty-user", but you prevent sending specific queries.

It's difficult to say which method is better. For security reasons, I see no differences, because the weakest point here can be the sql connection (so maybe it's better to log as different users?) or also PHP login system (so if you loose the almighty user's name and password the other users accounts do not matter).

Answer 2

Using only the rights of the database users can prevent your db-credentials from being viewed by others . Just in case someone is able to read your php-files. May it be on the server or if there is a security issue that enables others to view the php files in the browser as clear text.