I want to create my site and in the page have it so that the forum pages will use the forum mysql user having privileges on mydb.forum_table, mydb_forum_table2. and the profile page to use the profile user having access to mydb.users and mydb.profiefields and so on with the photogallery, blog, chat and... is this the right way to do it! I'm thinking of principle of least privileges but I wonder why I haven't seen other big known CMS do it!
Creating a different user for each concern of my application!
79 Views Asked by AudioBubble At
2
There are 2 best solutions below
2
pascal
On
If I understand correctly, the question is about implementing module access control based on the permissions on the tables that are used by the module.
I think it would be complicated to maintain (the link between modules, and tables), and slow to have to check the permissions on each table accessed by the module.
Related Questions in SQL
- How to set a component published attribute
- using dart route package url got error 404
- Using Document Discovery service on a non-app engine service
- Setting height of bwu-datagrid to dynamic
- use sass transformer in intellij dart
- Get 3D cube from an Obb3
- Send event from parent to child element in polymer.dart
- In the dart:io library, why would one want to set runInShell: true when calling Process.run?
- Can two @published properties have the same name
- dartanalyzer doesn't give a warning for missing implementation from interface
Related Questions in MYSQL
- How to set a component published attribute
- using dart route package url got error 404
- Using Document Discovery service on a non-app engine service
- Setting height of bwu-datagrid to dynamic
- use sass transformer in intellij dart
- Get 3D cube from an Obb3
- Send event from parent to child element in polymer.dart
- In the dart:io library, why would one want to set runInShell: true when calling Process.run?
- Can two @published properties have the same name
- dartanalyzer doesn't give a warning for missing implementation from interface
Related Questions in DATABASE-DESIGN
- How to set a component published attribute
- using dart route package url got error 404
- Using Document Discovery service on a non-app engine service
- Setting height of bwu-datagrid to dynamic
- use sass transformer in intellij dart
- Get 3D cube from an Obb3
- Send event from parent to child element in polymer.dart
- In the dart:io library, why would one want to set runInShell: true when calling Process.run?
- Can two @published properties have the same name
- dartanalyzer doesn't give a warning for missing implementation from interface
Related Questions in AUTHORIZATION
- How to set a component published attribute
- using dart route package url got error 404
- Using Document Discovery service on a non-app engine service
- Setting height of bwu-datagrid to dynamic
- use sass transformer in intellij dart
- Get 3D cube from an Obb3
- Send event from parent to child element in polymer.dart
- In the dart:io library, why would one want to set runInShell: true when calling Process.run?
- Can two @published properties have the same name
- dartanalyzer doesn't give a warning for missing implementation from interface
Related Questions in LEAST-PRIVILEGE
- How to set a component published attribute
- using dart route package url got error 404
- Using Document Discovery service on a non-app engine service
- Setting height of bwu-datagrid to dynamic
- use sass transformer in intellij dart
- Get 3D cube from an Obb3
- Send event from parent to child element in polymer.dart
- In the dart:io library, why would one want to set runInShell: true when calling Process.run?
- Can two @published properties have the same name
- dartanalyzer doesn't give a warning for missing implementation from interface
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
One of the critical resources for a database is connections. Generally databases are configured with a maximum number of connections, an each time a process needs to make a query, it needs a connection to do so. Database connections are expensive objects to create -- they take time and memory, and most importantly, connections are established for a specific user. The generally accepted 'best practice' for web applications is for the application, when it needs a database connection, to check a pool for an available connection. If there's a free connection in the pool, the web app will pull that connection, use it as necessary, and then return it to the pool for reuse. If there are no free connections, the app will create a new one, use it, and then place it in the pool for reuse.
If you're dealing with an application that uses multiple database users (for privilege management) and you need to use connection pooling, your application will need to establish many pools (one for each user), which will usually result in your application acquiring at least one connection for each database user it is using. This is inefficient, error prone, and needlessly complex.
If you're truly intent on limiting your application's access to data, then you should probably investigate how much support your database has for views. If views are well-supported, then you can create a view (or views) that are customized to the needs any given portion of your application.
My recommendation would be to stick to a single database user, and then use the time you just freed up to do more debugging of your application. You'll get better results, and will aggravate fewer DBAs.