You don't need root access to MySQL at all. Just create a new API user that has the proper permissions. Better yet, create a stored procedure that gets called that does all of the appropriate tasks and let this user call that proc. Then, under the hood, the proc runs as Admin to do the various tasks.
andy -----Original Message----- From: Richard White [mailto:rich...@j7is.co.uk] Sent: Sunday, August 28, 2011 5:48 AM To: cf-talk Subject: Management API? Hi, i am creating a management API to manage my clients' software. The benefit is that at a click of it will setup or delete the clients databases etc... what do you guys think of the security of this as i am presuming this would need to have root access into MySQL as it needs to have the ability to create and delete databases, set grants etc... is it wrong from a security point of view to have a cf data source that accesses the root user in MySQL? thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347061 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
