Hi guys, I'm creating a new app and I'd like to know how would be the best way to implement the principle of least privilege. At the moment the DB has 5 users:
- 1 is the root user for the DB (which I don't want it to be used by the webapp) - 1 has read access to the data fields - 1 has write access to the data fields - 1 has read access to the users table - 1 has write access to the users table What I intend to achieve is that if in any occasion we've got a sql injection for whatever the reason, the access to the DB from the app form will be as limited as possible. If using python directly I would create a DB connection for each functionality so they use the right DB user and have the right permissions. In Django, though, as you have to configure the default DB access in the settings and it has to sync, etc... I'm not sure what will be the best way to implement that splitting of privileges. I've configured the 5 connections in the settings but not sure how to best use them for the different functions of authenticate, read and write from the DB. Any ideas? Thanks, Isaac -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/JHYEv19RHOYJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
