Drupal Hardening (Security) at the database.

Hi,

I am attempting to determine if the following is a possibility:

In a multiple web server (load balanced) environment I would like to configure the Drupal database with two sets of credentials:

One that would include the full “owner” database permissions outlined in the INSTALL document:

CREATE USER username@localhost IDENTIFIED BY 'password';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON databasename.* TO 'username'@'localhost' IDENTIFIED BY 'password';

And a second credential that would be a lot more restricted (namely no CREATE, no DROP, no ALTER and only having INSERT, UPDATE, and DELETE permissions on tables necessary for “anonymous” user operations performed on the public facing site). For this specific application the only authenticated Drupal users are content editors and administrators. The anonymous user does not log in at all. The Drupal site is only a public facing web presence.

The web server possessing the higher privilege credential would not be in the group of “public facing” load balanced servers and would be restricted (firewall) to only the content editors and administrators. Any “public facing” load balanced servers would possess the more restricted credential. I understand that Drupal needs the ability to CREATE & DROP tables as modules are installed, etc… However, anonymous users will never be performing tasks like installation of modules, configuring blocks, or modifying / contributing content (other than possibly webform submission like activity).

Has anybody ever configured anything like this or could someone clue me in to a guide on what parts of Drupal might require more than SELECT and CREATE TEMPORARY TABLES permissions?

Thanks in advance!

Source: https://www.drupal.org/taxonomy/term/1/feed
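
A check for the restricted credential described in the post, as an added example that is not part of the original post or of Drupal: it parses `SHOW GRANTS` output and reports any CREATE, DROP or ALTER privilege (or ALL PRIVILEGES, which implies them), any grant option, and any INSERT, UPDATE or DELETE outside an allowlist of tables. The account name `public_user`, the table `webform_submissions` and the sample grant rows are constructed assumptions, not a verified list of what Drupal needs.

```python
import re

# Privileges the post wants kept off the public-facing credential.
SCHEMA_PRIVS = {"CREATE", "DROP", "ALTER", "ALL PRIVILEGES"}
WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE"}
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)

def parse_grant(line):
    """Return (privileges, database, table) for one SHOW GRANTS row, or None.
    Column-level grants such as SELECT (col) are not handled."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    db, _, table = m.group("scope").replace("`", "").partition(".")
    return privs, db, table

def audit(grant_lines, writable_tables):
    """Return (kind, privilege, scope) findings for a restricted account."""
    findings = []
    for line in grant_lines:
        parsed = parse_grant(line)
        if parsed is None:
            findings.append(("unparsed", line, ""))
            continue
        privs, db, table = parsed
        scope = f"{db}.{table}"
        findings += [("schema", p, scope) for p in sorted(privs & SCHEMA_PRIVS)]
        if table not in writable_tables:
            findings += [("write", p, scope) for p in sorted(privs & WRITE_PRIVS)]
        if "WITH GRANT OPTION" in line.upper():
            findings.append(("grant-option", "GRANT OPTION", scope))
    return findings

# Constructed sample rows: the INSTALL-style owner grant and a restricted one.
OWNER_GRANTS = [
    "GRANT USAGE ON *.* TO 'username'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, "
    "CREATE TEMPORARY TABLES ON `databasename`.* TO 'username'@'localhost'",
]
PUBLIC_GRANTS = [
    "GRANT USAGE ON *.* TO 'public_user'@'localhost'",
    "GRANT SELECT, CREATE TEMPORARY TABLES ON `databasename`.* TO 'public_user'@'localhost'",
    "GRANT INSERT, UPDATE, DELETE ON `databasename`.`webform_submissions` TO 'public_user'@'localhost'",
]
WRITABLE = {"webform_submissions"}  # assumed allowlist, adjust per site

if __name__ == "__main__":
    for name, rows in (("owner", OWNER_GRANTS), ("public", PUBLIC_GRANTS)):
        print(name, audit(rows, WRITABLE) or "no findings")
```

Feeding it the real output of `SHOW GRANTS FOR` the public-facing account, one row per list item, turns the intended privilege split into a repeatable check.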