From 5e674fd2ba5b3e21e70830305926df7f6a9606d7 Mon Sep 17 00:00:00 2001
From: Robert <Robert@TryingToScale.com>
Date: Sat, 23 Dec 2023 01:52:53 -0500
Subject: [PATCH] secure mysql

---
 protected/README.MD | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/protected/README.MD b/protected/README.MD
index f95a532..5bebeb2 100644
--- a/protected/README.MD
+++ b/protected/README.MD
@@ -3,9 +3,18 @@
 Original Author: Matt Doyle <https://www.elated.com/cms-in-an-afternoon-php-mysql/>
 
 Updates: Robert S.
+```
+Note: I use the hash sign # to note a comment, do not run it in the terminal.
+Note: I use the dollar sign $ for the Linux prompt commands to run.
+Note: I use the greater-than sign for > the MySQL prompt commands.
+```
 
 ## Pull repo
 ```
+# AS a normal user NOT Root, we will sudo or doas for that from time to time:
+$ mkdir -p /var/www
+$ sudo groupadd www-data
+$ chgrp www-data /var/www
 $ cd /var/www
 $ git clone https://git.mysnippetsofcode.com/bobs/cms
 $ cd cms
@@ -17,8 +26,12 @@ $ cd cms
 $ sudo apt-get install mysql-server
 $ sudo systemctl start mysql
 $ sudo systemctl enable mysql
+# The following script will prompt you to perform various security-related actions. Follow the prompts to set a root password, remove anonymous users, disallow root login remotely, remove the test database, and reload the privilege tables.
+$ sudo mysql_secure_installation
 
-# Change this password SJ6G*WyaV7PvvEts@vxjm used below! 
+# Change this password SJ6G*WyaV7PvvEts@vxjm used below in a couple of places!
+
+# Enter your password assigned during setup, create a new user for the app to use.
 $ mysql -u root -p
 > CREATE USER 'zoombox'@'localhost' IDENTIFIED BY 'SJ6G*WyaV7PvvEts@vxjm';
 > GRANT ALL ON cms.* TO 'zoombox'@'localhost';
@@ -26,11 +39,16 @@ $ mysql -u root -p
 ```
 ## Import the tables.sql file:
 ```
+$ pushd protected/src
+$ pwd
+# You should be in /var/www/cms/protected/src
+# Do not use the root user for cms app!
 $ mysql -u cms -p cms < tables.sql
     enter this password when prompted: SJ6G*WyaV7PvvEts@vxjm
+$ popd
 ```
 
-The config.php file is in the protected/src folder.
+You may want to edit the config.php file which is in the protected/src folder.
 ```
 define( "BLOG_NAME", "Widgetz Newz" ); // Display Name for Titles
 ```
@@ -39,6 +57,7 @@ define( "BLOG_NAME", "Widgetz Newz" ); // Display Name for Titles
 ```
 $ pwd
 # You should be in /var/www/cms
+# DO NOT use the root user for cms app!
 $ nano .env
 DB_TYPE=mysql
 DB_HOST=127.0.0.1