Yup, you are absolutly correct but my application runs in a closed enviroment and our average users does not have sniffing/debugging knowledge. So this might be something I could live without. BUT this is something which touches on what I said before. That creating a "good" security system is a very complex thing. There is always something you forget;). It is therefore I would like to apply an already existing solution. This would hopefully minimize the potential bugs or security flaws.
Anyway I was given a link by Mark Leith (thanks!) on Oracle row level access that seems interesting. Here it is (not MySQL but the "mind-work" might be interesting). http://www.securityfocus.com/infocus/1743 Regards /Jonas -----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: den 18 november 2004 12:48 To: Jonas Ladenfors Cc: Mysql (E-mail) Subject: Re: Row level security requirements, can I still use MySQL? On Thu, 18 Nov 2004 10:45:37 +0100, Jonas Ladenfors wrote: > Hello, I am in the position where I need row level user access, this is > crucial in my current project. I know this has been discussed before and the > answer has been "use views when they become availble". But views would still > allow the "root" user access to the complete table, wouldnt it? I would like > to lock rows to certain user and not let anyone else see them, not even the > root user. The only way to do that is client side encryption. Otherwise a sufficiently privileged user can still see the data. (Even if it is just by sniffing the network traffic or attaching a custom debugger to the running process.) Jochem -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
