MySQL configuration

Create a specific database user to run your PhPeace. Do not share database accounts across different applications because it adds complexity and lowers security.

The database user does not need any global privilege. However, it is commonly acceptable to give all privileges for the PhPeace database, issuing (as specified in the README) the following command:

GRANT ALL PRIVILEGES ON mydatabase.* TO myusername@localhost IDENTIFIED BY 'mypassword';

Pay attention to

• specify the database (mydatabase.*) otherwise you will give global privileges
• specify both the username and the host (to exclude anonymous users and external connections)
• to specify the password: never leave it empty!

The above command will not grant global and administrative privileges, such as the GRANT one, as clearly stated by MySQL documentation.

At the same time, you will already grant some privileges that, even if not currently used, may be used in future PhPeace versions.

However, here are more details about the privileges currently required by PhPeace:

• Required at global level
  • None
• Required at database level
  • ALTER
  • CREATE
  • DELETE
  • DROP
  • INDEX
  • INSERT
  • LOCK TABLES
  • SELECT
  • UPDATE
• Not required, but possibly used in the future
  • ALTER ROUTINE
  • CREATE ROUTINE
  • CREATE TEMPORARY TABLES
  • CREATE VIEW
  • EXECUTE

Hence a stricter approach could be to grant only the necessary privileges

GRANT ALTER,CREATE,DELETE,DROP,INDEX,INSERT,LOCK TABLES,SELECT,UPDATE  ON mydatabase.* TO myusername@localhost IDENTIFIED BY 'mypassword';

But you may have to change them in the future