I have a dedicated server hosting a domain and SQL database
Lets call it

I have written a script which accesses my database and I want to put it on
a totally different server on a domain called

I have granted remote access to the SQL database by
IP address of the server.

My question is about how I can limit the database access.

For example the script includes:

$host = “localhost”;
$user = “admin”;
$password = “htadtsrxdVnJIu3”;
$database = “exor543”;

When I put this script on the server belonging to
someone else, if the client knows php they will be able to take that connection data
and write their own script to copy the whole database or delete
the database or just mess it all up.

If I give the client a new USER can I then limit the user to
just running certain actions on the database ?
Maybe just reading ?
( But then they could still copy the who thing )

Not sure how to address this security problem.

Any thoughts ?


You can limit their ability to drop databases/tables by not giving them DROP permissions. I don’t think you can stop them from copying the database.

Here is a list of privileges,

This would have to be done from either the command line mysql utility, or phpMyAdmin. You should create a new user for these restrictions as Virtualmin may overwrite your changes.

Someone on the client system could use the mysqldump utility to make a dump of this database, but I don’t know of any way to block that functionality.