Another really cool way to set up the rules between your application and database layers is to give the database user account that will be used by the application layer only privileges to SELECT from VIEWs and to call stored procedures. This means that the application layer can only interact with the database in predefined ways that you have already sanctioned. Even if some malicious user managed to hijack the application layer and cause it to execute arbitrary queries on the database, it wouldn't have permissions to modify the database directly. This is, of course, beyond the capabilities of MySQL but is easily done on PostgreSQL :)
Carl
____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
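The setup Carl describes, written out as an added PostgreSQL example that is not part of the original post. The database (shop), table (orders), schema (app_api), role (app_user) and function (close_order) are made-up names, and the script assumes it is run by a superuser or the owner of orders.

```sql
-- Added example (not from the original post). Assumes a database "shop" with a
-- "public.orders" table; every other name here is made up for illustration.

-- 1. A dedicated login role for the application tier that starts with nothing.
CREATE ROLE app_user LOGIN PASSWORD 'change-me';     -- placeholder password
REVOKE ALL ON DATABASE shop FROM PUBLIC;
GRANT CONNECT ON DATABASE shop TO app_user;

-- 2. Keep the real tables out of reach: drop PUBLIC's default rights on the
--    public schema and put the sanctioned surface in a schema of its own.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA app_api;
GRANT USAGE ON SCHEMA app_api TO app_user;

-- 3. Reads only through a view that exposes exactly the columns we sanction.
CREATE VIEW app_api.open_orders AS
    SELECT id, customer_id, total
    FROM public.orders
    WHERE status = 'open';
GRANT SELECT ON app_api.open_orders TO app_user;

-- 4. Writes only through a stored function that decides what is allowed.
--    SECURITY DEFINER runs it with the owner's rights, so app_user never needs
--    UPDATE on orders; pinning search_path stops a caller from redirecting the
--    names inside the function to objects they control.
CREATE FUNCTION app_api.close_order(p_id integer) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
BEGIN
    UPDATE public.orders
       SET status = 'closed'
     WHERE id = p_id AND status = 'open';
    RETURN FOUND;
END;
$$;
-- New functions are executable by PUBLIC by default; take that back first.
REVOKE ALL ON FUNCTION app_api.close_order(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app_api.close_order(integer) TO app_user;

-- 5. Check the boundary from the application's point of view.
SET ROLE app_user;
SELECT * FROM app_api.open_orders;     -- allowed
SELECT app_api.close_order(42);        -- allowed, but only via the function
UPDATE public.orders SET total = 0;    -- fails: permission denied on orders
DELETE FROM app_api.open_orders;       -- fails: only SELECT was granted on the view
RESET ROLE;
```

Because app_user holds no privilege on public.orders at all, an arbitrary statement injected through the application tier can only ever reach the view and the function you granted.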
