Database Isolation

Would be quite easy to create a user and grant permissions when each site is spun up?

Hello there :wave:

Can you please clarify what it is that you’re trying to achieve so we can make a recommendation? Thanks!

It is using root MySQL logins for every site.

If anyone got access to the files, they have access to ALL wp sites.

If you share the site via Cloudflare Tunnels, they can, again, install WP File Manager, see wp-config.php, and use a database script to get every other website’s data.

It is super easy to create a new DB + DB user per install with literally no downside… all upsides. Using root access for anything is 101 “awful practice”. Sure, if nothing ever goes wrong ever, not an issue… but isolation and security, especially when so basic (add DB, add user, grant privileges, done!), it’s a no-brainer.

Root has access to everything anyway for anyone who would rather log in that way.

Thank you for your reply!

The DevKinsta sites are hosted locally on the user’s machine, therefore, external access should not be possible unless from your machine.

Kinsta-hosted sites use a different setup and have unique names for the database, therefore, this vulnerability cannot be exploited.

Please do let me know if I misunderstood your message.

Kind regards

It’s elementary to share access via Cloudflare Tunnels or similar setup, you could even open a port on your router and send someone https://myip:50000 and they can view a site in progress. Even within a local network you can share with other developers.

MAMP, Local and others generate unique database, username and password for each site. It’s so simple to do when spinning up a new site I can’t imagine any reason why you’d not want to: ChatGPT - MySQL User Privileges Setup

The same reason having password.txt on Desktop is poor practice despite no-one else having access to your computer. Software will never be 100% secure so isolation where possible just adds yet another layer of protection.

It would be great if DevKinsta could be updated in line with what others are doing.
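
The per-site setup discussed in this thread (one database and one account per install, with privileges limited to that database), as an added example that is not part of any post here and is not DevKinsta's code. The `wp_` naming scheme, the privilege list and the `localhost` default are assumptions.

```python
import re
import secrets

# Assumed privilege set for a typical WordPress install; trim or extend as needed.
WP_PRIVS = "SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP"
SLUG_RE = re.compile(r"[a-z0-9_]{1,24}")      # keeps "wp_<slug>" under 32 chars
HOST_RE = re.compile(r"[A-Za-z0-9_.%-]{1,60}")


def provision_sql(site_slug, host="localhost"):
    """Return (statements, password) giving one site its own database and account."""
    # The slug becomes part of SQL identifiers, which cannot be bound as
    # parameters, so allow-list it instead of trying to escape it.
    if not SLUG_RE.fullmatch(site_slug):
        raise ValueError(f"unsafe site slug: {site_slug!r}")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"unsafe host: {host!r}")

    name = f"wp_{site_slug}"                  # hypothetical naming scheme
    # URL-safe alphabet only (A-Z a-z 0-9 _ -), so it is safe inside '...'.
    password = secrets.token_urlsafe(24)
    account = f"'{name}'@'{host}'"

    # In a database-level GRANT, "_" and "%" in the database name act as
    # wildcards. Unescaped, a grant on wp_site_a would also match wp_siteXa,
    # which defeats the isolation this setup is meant to provide.
    grant_db = name.replace("_", "\\_")

    statements = [
        f"CREATE DATABASE `{name}` CHARACTER SET utf8mb4;",
        f"CREATE USER {account} IDENTIFIED BY '{password}';",
        f"GRANT {WP_PRIVS} ON `{grant_db}`.* TO {account};",
    ]
    return statements, password


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for slug in ("site_a", "site_b"):
        stmts, _ = provision_sql(slug)
        print("\n".join(stmts), end="\n\n")
```

Each site's wp-config.php then holds credentials that are valid for its own database only, so reading one config file no longer exposes the other installs.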

Hi @infinityweb! Thanks for your reply.

I can certainly see how a feature to remotely access sites in development in DevKinsta could be useful. Additionally, I understand that having each site use its own database credentials could improve security. While currently DevKinsta isn’t designed with remote access in mind, I will pass your suggestion along to our development team for consideration.

We appreciate your feedback!

If you do have anything else you’d like to share, or have any questions, please don’t hesitate to reach out.

Best regards

Thanks Andrew! That’s the only glaring issue; otherwise it’s great so far.