I'm writing a customer-facing application that's responsible for obtaining extremely sensitive data, much to my dismay and despite my vehement protests. Long story short, to stay in compliance with various policies, and because I'm insanely paranoid, I'll need to capture this user data and write it into a SECOND database as a user who has ONLY the "insert" privilege.
Database 1: Contains application data (inventory, e-commerce based stuff, etc.) - Primary Rails Application DB Database 2: Rails app connects as a user with only one privilege: insert. I whipped up a quick test using MySQL and Rails 2.2.2 (I haven't upgraded yet, but I will when this project is finished). I created a simple "users" table manually without an AR Migration, and then fired up script/console and executed "@u = User.new". It complained that the SELECT privilege was denied (which is the point). Obviously it needs SELECT to find out which fields - or methods - to assign to the User model (in this case). Is there any way I can achieve basic AR functionality (AR.save and AR.new, as well as AR.some_method = value) without giving this user SELECT privileges? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
