Root priveleges on database.
Just wondering if the root priveleged account needed to create the database on install are still needed after install? And was also wondering if it would be more secure for the user to setup a database and specify the credentials/database name? Also what is the reason for creating two users?
We only use the root user to create our own users and database, we drop from that state after the database and user are created.
We create a couple of users because of differing host IPs that can connect to it, mainly localhost and the docker gateway, and if you use a remote connection to the database, that IP.
You can change the credentials at any time, you just need to update the config with the new username and password, but they are randomly generated and only effectively allow access locally, so it's still decently secured.
So are the root priveleged credentials stored anywhere? and can i delete the root priveleged account after initial install (assuming it's not the actual root account of course)?
No, we do not store those credentials. We use them to deal with the initial setup, and then discard them once our user is made who has access to just the pufferpanel database.
If you made a new root privileged user for the installer, then you can safely delete it.
We only store and use credentials for the 'pufferpanel' user.