Hi Bastien,
Please make sure to cc the galaxy-user and galaxy-dev lists as they help your questions reach a wider audience. In fact, I'm sure there are people on these lists that have more DB knowledge than myself.
That said, you're spot on in your thinking. Galaxy uses a single database (galaxy, in your case), so you can setup a "Galaxy" mysql user to have rights only on that DB; specifying localhost provides another layer of security as well.
Best,
J.
On May 3, 2010, at 11:08 AM, Chevreux, Bastien wrote:
>> From: Jeremy Goecks [mailto:jgoecks@gmail.com] On Behalf Of Jeremy Goecks
>> You can specify a MySQL username and password in the MySQL URL, e.g.
>> mysql://username:password@localhost:3306/galaxy?unix_socket=/var/run/
>> mysqld/mysqld.sock
>
> Hello Jeremy,
>
> thank you very much for that, works like a charm.
>
> Coming to my next question: how should I setup the user / user rights / databases / tables etc. in MySQL?
>
> Yes, I could create a user and then do a
>
> grant all privileges on *.* to someusr@localhost
>
> and I think that that Galaxy will then create everything by itself. However, on the long term I feel that this might be ... um ... a security risk should MySQL also host other things than just a Galaxy DB.
>
> Is there a recommended way to setup things? Like perhaps, e.g., having the mysql admin just create needed databases and giving all rights just to these DBs to galaxy like in:
>
> create database somedb;
> grant all privileges on somedb.* to someusr@"localhost" identified by
> 'passwrd';
>
> and then have Galaxy work with that? But for that I'd need to know which DBs Galaxy uses and I have to set up.
>
> If not, I'll do the all privileges on *.*, but I don't really like that.
>
> Regards,
> Bastien
>
> PS: sorry for nagging, but I'd really like to have a basic security level
> PPS: if the above looks like straight from some manual, yes it is. I'm no
> MySQL expert, but a good Google search brings most of what I need to
> know.
>
> --
> DSM Nutritional Products AG
> R&D Human Nutrition & Health
> Bioinformatics - Bldg. 203 / 115
> P.O. Box 2676
> CH-4002 Basel / Switzerland
> Tel. +41 61 815 8264
>
>
> DISCLAIMER :
> This e-mail is for the intended recipient only
> If you have received it by mistake please let us know by reply and then delete it from your system; access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited.
> If you as intended recipient have received this e-mail incorrectly, please notify the sender (via e-mail) immediately.