Source: https://stackoverflow.com/questions...e-database-and-web-server-on-the-same-machineSecurity is a major concern. Ideally your database server should be sitting behind a firewall with only the ports required to perform data access opened. Your web application should be connecting to the database server with a SQL account that has just enough rights for the application to function and no more. For example you should remove rights that permit dropping of objects and most certainly you shouldn't be connecting using accounts such as 'sa'.
This was found on a StackOverflow post.
Right now, I'm connecting with root to my MySQL server so it would only take 1 more step for someone to mess everything up as it's visible with username and password (though, it's not public SSH) in the config file.
Backups are done daily, but, I'd still prefer not to lose 1 day's worth of data as a lot or little can be added that day.
Is there a user that can be created for MySQL access that only can add data, but can't drop (drop whole tables) or delete (i.e. hard deletes)? This would prevent anyone from messing it up too badly as they can't drop tables or delete rows from tables (I presume that's what a hard delete does)? Possibly just create a bunch of rows in a loop if they really wanted to "mess" anything up (unless there's a timer for adding rows like 100 rows per 45 seconds or something on a user).
What settings for XenForo would this user be that's safer to use than root for accessing the database as it can be compromised and totally deleted with root?
@eva2000 might know?