[EMAIL PROTECTED] writes: [...]
> Your application will still need access to the data it gets from > MySQL so changing your MySQL permissions doesn't make any sense, > does it. It's your application that needs to say "no" to the > user. You don't want MySQL saying "no" to your application. Do you? Having multiple layers of security is generally a good design (often called "Security in depth" or "Defense in depth"). That way if there's a flaw in your application, the damage is limited. If you think that's unlikely to happen, then you're not paying attention: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sql+injection ----ScottG. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]