Raj Shekhar writes:
One option here might be to use mysql proxy as a man-in-the-middle and
filter out unwanted queries...
This seems more or less the same as what I'm doing now with php.
The same question applies there - what would you look for in your
filter?
--
MySQL General Mailing List
In infinite wisdom don-mysq...@isis.cs3-inc.com (Don Cohen) wrote:
The question is what I have to prohibit in order to prevent either
updates or access to other tables, or perhaps other things that
I should be worried about but haven't yet thought of.
One option here might be to use mysql
Sounds like you just want to GRANT access to specific tables (and with
limited commands), which is exactly what MySQL's privilege system does.
Refer to http://dev.mysql.com/doc/refman/5.1/en/grant.html
http://dev.mysql.com/doc/refman/5.1/en/grant.htmlFor example, you can
grant only SELECT
Adam Alkins writes:
Sounds like you just want to GRANT access to specific tables (and with
limited commands), which is exactly what MySQL's privilege system does.
How about this part?
Finally, suppose I want to limit access to the table to the rows
where col1=value1. If I just add that
MySQL doesn't have row level permissions, but this is what VIEWS are for. If
you only want access to specific rows, create a view with that subset of
data. You can create a function (privilege bound) to create the view to make
this more dynamic.
If you want direct access to the database, then you
-Original Message-
From: Don Cohen [mailto:don-mysq...@isis.cs3-inc.com]
The http request I have in mind will be something like
https://server.foo.com?user=johnpassword=wxyz;...
and the resulting query something like
select ... from table where user=john and ...
(I will first
Daevid Vincent writes:
For the love of God and all that is holy,
do NOT put the user/pass on the URL like that!!
What's so unholy (or even unwise) about it?
Or use mod_auth_mysql to maintain your 'authorized' users to your page.
Why is this so much better?
In my case it's worse cause
On Wed, June 16, 2010 14:47, Don Cohen wrote:
Daevid Vincent writes:
For the love of God and all that is holy,
do NOT put the user/pass on the URL like that!!
What's so unholy (or even unwise) about it?
The username and password shows up in logs on the server and in the
browser's
-Original Message-
From: Don Cohen [mailto:don-mysq...@isis.cs3-inc.com]
Sent: Wednesday, June 16, 2010 2:48 PM
To: Daevid Vincent
Cc: mysql@lists.mysql.com
Subject: RE: opening a server to generalized queries but not too far
Daevid Vincent writes:
For the love of God and
Daevid Vincent writes:
For the love of God and all that is holy,
do NOT put the user/pass on the URL like that!!
What's so unholy (or even unwise) about it?
Oh my goodness, where to begin...
Well barring the fact that it'll be in the user's cache and browser
It won't because
10 matches
Mail list logo