
CakePHP: What to use for MySQL users & permissions?


I'm getting ready to deploy a CakePHP site for the first time. I'm using the site with a MySQL database, and I'm still a little unclear about the proper use of users & permissions for MySQL -- I'm talking about the "login" and "password" fields that appear in app/config/database.php. During development, I've been using 'root' and 'root' -- but I'm pretty sure that can't be a good idea. So my question is: what are the best practices for assigning a MySQL user to a CakePHP app, and what MySQL privileges should be assigned to it?


Solution

  • The least amount of permissions possible, so INSERT, SELECT, UPDATE, and DELETE on the database in question, certainly not CREATE/DROP privileges. Best practice: make the password hard to guess. You're hardcoding it anyways, there's no reason not to make it a terrible monster of a password. Also, ensure it can only be accessed by localhost or your IP.

    CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'monsterpassword';
    GRANT INSERT, SELECT, DELETE, UPDATE ON mydb.* TO 'myuser'@'localhost';
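A way to check a deployed account against the advice above, as an added example that is not part of the original answer: it audits the lines returned by `SHOW GRANTS FOR 'myuser'@'localhost'` for anything beyond the four data privileges, a non-local host, or use of root. The function names are hypothetical and the sample grant lines are constructed.

```python
import re

# Privileges the answer allows for the application account.
ALLOWED = {"SELECT", "INSERT", "UPDATE", "DELETE"}
# Hosts treated as local; a fixed application-server IP could be added here.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'\"]?(?P<user>[^`'\"@]*)[`'\"]?@[`'\"]?(?P<host>[^`'\"\s]*)[`'\"]?"
    r"(?P<rest>.*)$", re.IGNORECASE)

def split_privs(text):
    """Split a privilege list on commas, dropping column lists such as SELECT (a, b)."""
    return [re.sub(r"\s*\(.*?\)", "", p).strip().upper()
            for p in re.split(r",\s*(?![^()]*\))", text)]

def audit_grants(lines, database):
    """Return a list of findings for one account's SHOW GRANTS output."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue  # not a privilege grant (for example a role grant)
        privs = set(split_privs(m["privs"])) - {"USAGE"}  # USAGE means no privileges
        scope = m["scope"].replace("`", "")
        if m["user"].lower() == "root":
            findings.append("application connects as root")
        if m["host"] not in ALLOWED_HOSTS:
            findings.append(f"host '{m['host']}' is not restricted to the local machine")
        extra = sorted(privs - ALLOWED)
        if extra:
            findings.append(f"extra privileges on {scope}: {', '.join(extra)}")
        if privs and not scope.startswith(database + "."):
            findings.append(f"privileges granted outside {database}: {scope}")
        if "WITH GRANT OPTION" in m["rest"].upper():
            findings.append(f"GRANT OPTION on {scope}")
    return findings

# Constructed sample SHOW GRANTS output (not taken from a real server).
DEV_GRANTS = ["GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION"]
PROD_GRANTS = [
    "GRANT USAGE ON *.* TO `myuser`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `mydb`.* TO `myuser`@`localhost`",
]

if __name__ == "__main__":
    for name, grants in (("dev", DEV_GRANTS), ("prod", PROD_GRANTS)):
        print(name, audit_grants(grants, "mydb") or "ok")
```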