Difficult User Privileges
Posted by: Kristian Zander
Date: July 21, 2009 01:41AM


I got a serious problem, but I think it can't be solved at the moment.
I want to secure my user-accounts. I want to give Users access JUST to use columns in the WHERE-clause, not in SELECT. So that they can query following:
SELECT id FROM table WHERE user='abc' AND password='xyz' //prints the id, if user and password is correct

But following query did not succeed:
SELECT id, password FROM table WHERE user='abc' AND password='xyz' //MySQL should return error

WHY? Simple: If anyone is getting these user data he's able to get all my tabledata. So this is a more powerful way to secure my data.


Options: ReplyQuote

Written By
Difficult User Privileges
July 21, 2009 01:41AM

Sorry, you can't reply to this topic. It has been closed.
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.