shell> mysql -u root -p
mysql> use mysql;
mysql> insert into user (user,host,select_priv)
 values ("selectuser", "www.ipm.virginia.edu","N");


mysql> select user,host,select_priv,update_priv,insert_priv,password from user;
+------------+--------------------------+-------------+-------------+-------------+------------------+
| user       | host                     | select_priv | update_priv | insert_priv | password         |
+------------+--------------------------+-------------+-------------+-------------+------------------+
| root       | localhost                | Y           | Y           | Y           | 57fcabc333bbfc2d |
| root       | www.ipm.virginia.edu     | Y           | Y           | Y           | 57fcabc333bbfc2d |
| selectuser | www.people.virginia.edu  | N           | N           | N           |                  |
+------------+--------------------------+-------------+-------------+-------------+------------------+
4 rows in set (0.01 sec)


mysql> select user,host,select_priv,update_priv,insert_priv,db from db;
+------------+--------------------------+-------------+-------------+-------------+------+
| user       | host                     | select_priv | update_priv | insert_priv | db   |
+------------+--------------------------+-------------+-------------+-------------+------+
| selectuser | www.people.virginia.edu  | Y           | N           | N           | test |
+------------+--------------------------+-------------+-------------+-------------+------+
2 rows in set (0.00 sec)

mysql> grant select on test.sales to selectuser;

This creates a user who has no password, but can only execute select statements on the database from ONE PLACE (the web server).

You already have good security on the web server. Right?