MySQL Forums
Forum List  »  Security

dynamic privileges for web applications
Posted by: mohamed sdiri
Date: May 26, 2023 07:54AM

I want to design a dynamic privileges system to be applied in relation to some bundles (modules) of my monolithic web application in PHP. My goal is to ensure security by applying custom privileges for each user based on their roles at the database level, not just relying on the application logic. This approach aims to prevent any unwanted behavior in the web application, such as arbitrary execution due to undiscovered vulnerabilities.

During my research, I discovered that one way to achieve this is by creating multiple database users. However, it is strongly advised against switching between multiple database users, and there are no arguments in favor of it. In my application, I have numerous user profiles, each with different access permissions, similar to what we find in cloud solution providers.

Is it possible to implement this in MySQL?

Options: ReplyQuote

Written By
dynamic privileges for web applications
May 26, 2023 07:54AM

Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.