General security “issue” that has me puzzled regarding user accounts/DB access. Let’s say I have a DB called mydb on a home network (192.168.0.x subnet), and I execute the following statements:
grant usage on *.* to 'testuser'@'%';
grant all privileges on mydb.* to 'testuser'@'%';
grant usage on *.* to 'testuser'@'192.168.14.50';
grant all privileges on mydb.* to 'testuser'@'192.168.14.50';
Does one statement take precedence over the other? The first two statements grant remote access to all hosts, whereas the second two grant it to a specific remote host.
I ask this because I’ve inherited multiple DBs with this scenario and, in my mind, if we have the 'user'@'%' grant in there, then it’s silly to have all the others in there, and they should be removed, but I want to confirm that I understand the entries correctly, if that makes sense.
Any guidance would be greatly appreciated. Thanks!
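
An audit query for the scenario in the post, added here as an example and not part of the original post. It assumes MySQL or MariaDB and an administrative session that can read the `mysql` system schema; the account names are the ones from the post. The server stores each user/host pair as a separate account and, at connection time, matches the row with the most specific host first.

```sql
-- Added example (not from the original post).
-- Assumes MySQL/MariaDB and read access to the mysql system schema.

-- 1. List every user name that has a wildcard-host account ('%') alongside
--    one or more host-specific accounts, as with 'testuser' in the post.
SELECT w.User AS user_name,
       w.Host AS wildcard_host,
       GROUP_CONCAT(s.Host ORDER BY s.Host SEPARATOR ', ') AS specific_hosts
FROM mysql.user AS w
JOIN mysql.user AS s
  ON s.User = w.User
 AND s.Host <> w.Host
WHERE w.Host = '%'
GROUP BY w.User, w.Host;

-- 2. Each user/host pair carries its own privileges (and its own password),
--    so compare them side by side before deciding which account to drop.
SHOW GRANTS FOR 'testuser'@'%';
SHOW GRANTS FOR 'testuser'@'192.168.14.50';

-- 3. Run from a client session logged in as testuser:
--    USER() is the name and host the client presented,
--    CURRENT_USER() is the account row the server actually matched.
SELECT USER() AS presented_identity, CURRENT_USER() AS matched_account;
```

If the goal is to restrict access to known hosts, the account to review for removal is the `'%'` one, since it is the entry that admits connections from any address.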