MySQL Forums
Forum List  »  PHP

Db access/privileges philosophy
Posted by: Federico Marziali
Date: November 16, 2011 03:24AM

Hello everybody,

I'm new in the database field / web application development and I'd like to post a question about "db access/privileges" philosophy, to collect some design feedback from more experienced people.

Basically the question is on how it is most secure to manage access to the database for a web application.

I have different roles in mind for the database access, which you can think as categories: some users can read only, some others can write to some tables only, others can write in all tables, others can also delete records, etc...

As a start I thought about managing all this via PHP only, i.e. by displaying the interface differently depending on the category of user that is logged on, so limiting the way the access to the database via the UI only. The connection to the database would always take place as "root".
Is this a common practice? Or should it be avoided?

Shall I create roles in the database corresponding to the users "categories" I mentioned above or is it considered an overkill with no real additional security benefits?
The point is - if I understood MySQL manual correctly - that the privileges cannot be "limited" to some set of tables only, so I'd still need to manage everything via the web interface, distinguish between the users' categories...

Any thoughts or suggestions greatly appreciated.


Options: ReplyQuote

Written By
Db access/privileges philosophy
November 16, 2011 03:24AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.