Db access/privileges philosophy
Hello everybody,
I'm new to the database field / web application development and I'd like to post a question about "db access/privileges" philosophy, to collect some design feedback from more experienced people.
Basically, the question is about the most secure way to manage access to the database for a web application.
I have different roles in mind for the database access, which you can think of as categories: some users can read only, some others can write to some tables only, others can write in all tables, others can also delete records, etc.
As a start I thought about managing all this via PHP only, i.e. by displaying the interface differently depending on the category of user that is logged on, thereby limiting access to the database via the UI only. The connection to the database would always take place as "root".
Is this a common practice? Or should it be avoided?
Shall I create roles in the database corresponding to the user "categories" I mentioned above, or is it considered overkill with no real additional security benefits?
The point is - if I understood the MySQL manual correctly - that the privileges cannot be "limited" to some set of tables only, so I'd still need to manage everything via the web interface, distinguishing between the users' categories...
Any thoughts or suggestions greatly appreciated.
Fede
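
As an added example that is not part of the original post: MySQL's `GRANT` statement accepts a schema, table or column scope, so each user category from the question can map to its own least-privileged account, and the PHP code connects with the account matching the logged-in user's category instead of root. The schema `shop`, its tables, the account names and the passwords are assumptions made for illustration.

```sql
-- Added example. Schema, table and account names and the passwords below are
-- hypothetical placeholders, not taken from the original post.
CREATE DATABASE shop;
CREATE TABLE shop.products (
  id    INT PRIMARY KEY,
  name  VARCHAR(100) NOT NULL,
  price DECIMAL(10,2) NOT NULL
);
CREATE TABLE shop.orders (
  id         INT PRIMARY KEY,
  product_id INT NOT NULL,
  status     VARCHAR(20) NOT NULL
);

-- One MySQL account per application category. None of them is root, and
-- each is restricted to connections from the web server host (here localhost).
CREATE USER 'app_reader'@'localhost' IDENTIFIED BY 'placeholder-password-1';
CREATE USER 'app_editor'@'localhost' IDENTIFIED BY 'placeholder-password-2';
CREATE USER 'app_admin'@'localhost'  IDENTIFIED BY 'placeholder-password-3';

-- Category "read only": SELECT on the application schema, nothing else.
GRANT SELECT ON shop.* TO 'app_reader'@'localhost';

-- Category "write to some tables only": read everything, but INSERT/UPDATE
-- is scoped to the single table shop.orders (a table-level grant).
GRANT SELECT ON shop.* TO 'app_editor'@'localhost';
GRANT INSERT, UPDATE ON shop.orders TO 'app_editor'@'localhost';

-- Category "write and delete in all tables": still limited to this schema,
-- with no DROP, ALTER, FILE or GRANT OPTION, unlike a root connection.
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'app_admin'@'localhost';

-- Review what each account can actually do.
SHOW GRANTS FOR 'app_reader'@'localhost';
SHOW GRANTS FOR 'app_editor'@'localhost';
SHOW GRANTS FOR 'app_admin'@'localhost';

-- Connected as app_editor, a statement such as
--   UPDATE shop.products SET price = 0 WHERE id = 1;
-- is rejected by the server itself, whatever the PHP interface displays
-- or whatever SQL an injection flaw manages to submit.
```

The interface can still hide actions a category is not allowed to perform; the grants make the database enforce the same limits when the application layer fails.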
November 16, 2011 03:24AM