Re: opening a server to generalized queries but not "too" far

Raj Shekhar writes: > One option here might be to use "mysql proxy" as a man-in-the-middle and > filter out unwanted queries... This seems more or less the same as what I'm doing now with php. The same question applies there - what would you look for in your filter? -- MySQL General Mailing Li

Re: opening a server to generalized queries but not "too" far

In infinite wisdom don-mysq...@isis.cs3-inc.com (Don Cohen) wrote: > The question is what I have to prohibit in order to prevent either > updates or access to other tables, or perhaps other things that > I should be worried about but haven't yet thought of. One option here might be to use "mysq

RE: opening a server to generalized queries but not "too" far

Daevid Vincent writes: > > > For the love of God and all that is holy, > > > do NOT put the user/pass on the URL like that!! > > What's so unholy (or even unwise) about it? > Oh my goodness, where to begin... > Well barring the fact that it'll be in the user's cache and browser It won't b

RE: opening a server to generalized queries but not "too" far

> -Original Message- > From: Don Cohen [mailto:don-mysq...@isis.cs3-inc.com] > Sent: Wednesday, June 16, 2010 2:48 PM > To: Daevid Vincent > Cc: mysql@lists.mysql.com > Subject: RE: opening a server to generalized queries but not "too" far > > Daev

RE: opening a server to generalized queries but not "too" far

On Wed, June 16, 2010 14:47, Don Cohen wrote: > Daevid Vincent writes: > > > For the love of God and all that is holy, > > do NOT put the user/pass on the URL like that!! > What's so unholy (or even unwise) about it? The username and password shows up in logs on the server and in the browser'

RE: opening a server to generalized queries but not "too" far

Daevid Vincent writes: > For the love of God and all that is holy, > do NOT put the user/pass on the URL like that!! What's so unholy (or even unwise) about it? > Or use "mod_auth_mysql" to maintain your 'authorized' users to your page. Why is this so much better? In my case it's worse ca

RE: opening a server to generalized queries but not "too" far

> -Original Message- > From: Don Cohen [mailto:don-mysq...@isis.cs3-inc.com] > > The http request I have in mind will be something like > https://server.foo.com?user=john&password=wxyz&;... > and the resulting query something like > select ... from table where user=john and ... > (I w

Re: opening a server to generalized queries but not "too" far

MySQL doesn't have row level permissions, but this is what VIEWS are for. If you only want access to specific rows, create a view with that subset of data. You can create a function (privilege bound) to create the view to make this more dynamic. If you want direct access to the database, then you

Re: opening a server to generalized queries but not "too" far

Adam Alkins writes: > Sounds like you just want to GRANT access to specific tables (and with > limited commands), which is exactly what MySQL's privilege system does. How about this part? > > Finally, suppose I want to limit access to the table to the rows > > where col1=value1. If I just add

Re: opening a server to generalized queries but not "too" far

Sounds like you just want to GRANT access to specific tables (and with limited commands), which is exactly what MySQL's privilege system does. Refer to http://dev.mysql.com/doc/refman/5.1/en/grant.html For example, you can grant only SELECT privi

opening a server to generalized queries but not "too" far

This seems like a topic that must have been studied, but I'm having trouble figuring out what to search for in Google, since the usual discussion of sql injection is not what I'm looking for here. If anyone knows of references that discuss the issue, I'd like to see them. I'm also interested in a