How to secure MySQL database with user rights

MySQL is as secure as you make it. If you use good coding practises while accessing the data the security is fine.

In order to not share tables between users you can only assign each user their own database, but is this really what you mean? do you mean a user to edit the tables or a user of a website using the database?

Those concepts are very different.

I can help you better if you would describe what you want it for.

Ok Rythmic. Right now i'm developing a product which is stand alone. I'm using Visual Studio with C# as front end and MySQL as database. I'm creating a new user from C# and creating database and tables. But if i login to MySQL as administrator with command prompt, i'm able to see all the databases and tables which i've created. How to hide that? May be in my code the user creation has some defect.

If you login as mysql administrator you will see all the databases you have administrative rights to. Check out the GRANT command in mysql.

You can GRANT users different rights to different databases. unfortunately not to different tables.

You should take a look here.
http://dev.mysql.com/doc/refman/5.1/en/grant.html

@rythmic
Ok Rythmic. Thanks a lot. Right now i'm bit busy. So will check this later and will ask you if i get any more doubts.. :)
Please help me out in learning those things...

I'll be around :)

I was reading through our conversation and started thinking about concepts. Just to make sure we are discussing this from the same point of view, here is an intro to db user concepts and application users.

If you create a User in C# as a class, this has nothing to do with the user accessing the mysql database

A good practise is to have two kinds of users for the database. one with read rights and one with read/write rights. This way you can use the read user when doing searches in the system and that way protecting the system from malicious code in form inputs. And in the same way, only use the write user when you want to add, update or remove data in the database.

To clarify: In your database you only need two separate users no matter how many users you have in your c# application.

To limit users of your C# application to see only data in the database that is meant for them you need to have some way to identify each user. Very common is a user ID which is basically a field in your class with type int... something like this:

For the database to know which data belongs to which user you need to add a field in each table that says "This info is about this user".
You do that by adding a column in your table. Name it something appropriate like user_id and just like the field id in your c# class, it should be an int.

Say you have a table about dogs:,

So, now each dog has an owner which you can identify through the user id which in this table is known as owner

You should also store your application users in your database. for instance like this.

Now you can see which user owns which dog and do combined searches on them through SQL.