-- For IP 192.168.1.10
CREATE USER 'leads_user'@'192.168.1.10' IDENTIFIED BY 'secure_password';
GRANT INSERT ON tms_database.leadstable TO 'leads_user'@'192.168.1.10';
-- Apply privileges
FLUSH PRIVILEGES;
Repeat the above for all
If someone compromises the username and database credentials above, their ability to misuse the database will be limited by the following measures:
1. Limited Privileges
The user has been granted only INSERT permissions on the leads table. This means:
- What the attacker CAN do:
  - Insert new rows into the leads table.
- What the attacker CANNOT do:
  - They cannot read (SELECT) data from any table.
  - They cannot modify existing rows (UPDATE) in the table.
  - They cannot delete rows (DELETE) in the table.
  - They cannot perform any operations on other tables or the database schema.
2. Host-Based Access Restriction
The user is restricted to access only from specific IPs. This means:
- If the attacker tries to use these credentials from any other IP, MySQL will reject the connection.
- Even if the credentials are leaked, they would only be useful if the attacker has access to one of the allowed IPs.
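To confirm that both limits actually hold on the server, the following audit queries can be run. This is an added example, not part of the original page; it assumes an administrative session that can read the mysql schema and information_schema, and it reuses the account, host and table names from the statements above.

```sql
-- 1. Every host entry for the account. Each 'user'@'host' pair is a separate
--    account, so a stray row with host '%' would defeat the IP restriction.
SELECT user, host
FROM mysql.user
WHERE user = 'leads_user';

-- 2. Grants as the server sees them for one of the allowed hosts.
SHOW GRANTS FOR 'leads_user'@'192.168.1.10';

-- 3. Table-level privileges other than INSERT, or INSERT on any table
--    other than tms_database.leadstable, or any grantable privilege.
SELECT grantee, table_schema, table_name, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE SUBSTRING_INDEX(grantee, '@', 1) = '''leads_user'''
  AND (privilege_type <> 'INSERT'
       OR table_schema <> 'tms_database'
       OR table_name <> 'leadstable'
       OR is_grantable = 'YES');

-- 4. Schema-level privileges: the account should have none, because a
--    grant on tms_database.* would override the single-table limit.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE SUBSTRING_INDEX(grantee, '@', 1) = '''leads_user''';

-- 5. Global privileges: USAGE means "no privileges", anything else
--    applies to every database on the server.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE SUBSTRING_INDEX(grantee, '@', 1) = '''leads_user'''
  AND privilege_type <> 'USAGE';
```

Query 1 should list only the intended IPs, and any row returned by queries 3 to 5 is a privilege beyond the INSERT-only grant described above.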