Creating a Database User
Now that things seem to be working fine, we will create a database user that can access only the Mambo database. This user is not a human, but will be used by Mambo to connect to the database while it performs its data-handling activities. The advantage of creating a database user is that it adds an extra level of security to our installation. Mambo will be able to work with data only in this database (in the MySQL server), and no other. Also, Mambo will be restricted in the operations it can perform on the tables in this database. This will be useful in case our system is hacked by some outside evil.
The reason we did not do this before was that Mambo creates its own database, and creates tables in that. It requires a user account with a lot of privileges to do this kind of a thing. The root database account has the ultimate power, and can do this quite easily. Once the database is set up, the demands on the database in terms of creation are less, and so we do not really need this extra power on a regular basis. Thus we will switch to another user.
Also, we do it now so that we can assign privileges only to the Mambo database. Until the database is created, you can't really do that. Now that the database is created, it's an ideal time to switch to our less powerful, but still powerful enough, database user.
For our database work, we'll be using the phpMyAdmin tool. phpMyAdmin is part of the XAMPP installation (detailed in Appendix A), or can be downloaded from www.phpmyadmin.net, if you don't have it. phpMyAdmin provides a powerful web interface for working with your MySQL databases. If you're familiar with phpMyAdmin, or prefer to use the command line for working with MySQL, this section won't present any problems.
First of all, open your browser and navigate to http://localhost/phpmyadmin/, or whatever the location of your phpMyAdmin installation is.
We will need to create a username for our MySQL user to access the mambo database. Let's call our user mamboer and go with the password mambopassword. However, in order to add an extra level of security we will introduce some digits and some other slight twists into our password in order to strengthen it, and so use the word mamb071Passv0rd as our database-user password.
To create the database user, click the SQL tab in phpMyAdmin, and enter the following into the Run SQL query/queries on database textbox:
GRANT ALL PRIVILEGES ON mambo.* TO mamboer@localhost IDENTIFIED BY 'mamb071Passv0rd' WITH GRANT OPTION
Your screen should look like this:
Click the Go button, and the database user will be created:
Switching to the New Database User
Now that the user is created, we'll make a quick modification to the Mambo configuration to use this MySQL user account.
Enter the URL http://localhost/mambo/administrator into your browser, and you'll be taken to the login page for the administrator area:
Here you need to enter the account details of the Super Administrator account that you created during the last step of the web installer. Enter the username (admin) and password (you did make a note if it didn't you!) and click the Login button.
You will find yourself in the Administrator area, also known as the back end of the site. From here you control your site. We'll talk more about this in the coming chapters. For now, select the Global Configuration option from the Site menu at the top of the page:
Click on the Database tab, and enter the details of the MySQL database user we just created in phpMyAdmin:
Click the Save button, and the configuration settings will be updated.
Now click the Logout link in the top right-hand side of the page, and you will be returned to the front end of the site.
We are ready to get started!