Creating a user with SELECT privileges only on a specific database, Part 3

Part 3 of 3. This part covers using Dreamhost‘s web panel for creating a user with SELECT privileges only for use while displaying data on a webpage. See Protecting Your Data from an SQL Injection Attack for more. Part 1 covered the actual SQL commands. Part 2 covered using phpMyAdmin.

Using Dreamhost‘s interface.

I picked Dreamhost because they host conlang.org and most of the subdomains of conlang.org. Also, they disallow using the methods in part 1 and part 2.

After logging in to Dreamhost‘s panel, click on Databases under Let’s Get Started!

Let's Get Started screenshot

Under the list of databases, click Add a New User on the right.

List of databases screenshot

Select “Create a new user now…” from the select menu, then fill in the username and password. Click Add new user now! Note that the instructions say: “This will grant a user full access to your “database_name” database. To limit this user’s database access privileges to “terjemar_newdict”, simply click their username on the screen that follows. ”

adding a new user screenshot

Now we get our success message: “User “selectonly_user” has been granted access to your “terjemar_newdict” database! If you’d like to fine-tune their permissions or set where they can connect from, do so from here.” You can also click on the username listed by the database.

selecting the user for editing screenshot

Make sure only Select is checked. The other options are Insert, Update, Delete, Create, Drop, Index, and Alter. The first three allow the use of those statements, so INSERT statements, UPDATE statements, and DELETE statements. Create allows for CREATE TABLE statements, Drop for DROP TABLE statements, Index for CREATE INDEX and DROP INDEX statements, and Alter for ALTER TABLE statements.

modifying privileges screenshot

Click on “Modify selectonly_user now!”.

final success message

And we have our success statement.