I want to create my site and in the page have it so that the forum pages will use the forum mysql user having privileges on mydb.forum_table, mydb_forum_table2. and the profile page to use the profile user having access to mydb.users and mydb.profiefields and so on with the photogallery, blog, chat and... is this the right way to do it! I'm thinking of principle of least privileges but I wonder why I haven't seen other big known CMS do it!
Creating a different user for each concern of my application!
83 Views Asked by AudioBubble At
2
There are 2 best solutions below
2
pascal
On
If I understand correctly, the question is about implementing module access control based on the permissions on the tables that are used by the module.
I think it would be complicated to maintain (the link between modules, and tables), and slow to have to check the permissions on each table accessed by the module.
Related Questions in SQL
- Redirect inside java interceptor
- Spring RestTemplate passing the type of the response
- spring-integration-dsl-groovy-http return null when i use httpGet method
- Custom Spring annotation for request parameters
- Spring - configure Jboss Intros for xml with java config?
- HTTP Status 404 - Not Found in Spring 3.2.7
- AndroidAnnotations how to use setBearerAuth
- android I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
- Show login dialog when not authenticated yet
- Spring Data Rest supporting json and xml
Related Questions in MYSQL
- Redirect inside java interceptor
- Spring RestTemplate passing the type of the response
- spring-integration-dsl-groovy-http return null when i use httpGet method
- Custom Spring annotation for request parameters
- Spring - configure Jboss Intros for xml with java config?
- HTTP Status 404 - Not Found in Spring 3.2.7
- AndroidAnnotations how to use setBearerAuth
- android I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
- Show login dialog when not authenticated yet
- Spring Data Rest supporting json and xml
Related Questions in DATABASE-DESIGN
- Redirect inside java interceptor
- Spring RestTemplate passing the type of the response
- spring-integration-dsl-groovy-http return null when i use httpGet method
- Custom Spring annotation for request parameters
- Spring - configure Jboss Intros for xml with java config?
- HTTP Status 404 - Not Found in Spring 3.2.7
- AndroidAnnotations how to use setBearerAuth
- android I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
- Show login dialog when not authenticated yet
- Spring Data Rest supporting json and xml
Related Questions in AUTHORIZATION
- Redirect inside java interceptor
- Spring RestTemplate passing the type of the response
- spring-integration-dsl-groovy-http return null when i use httpGet method
- Custom Spring annotation for request parameters
- Spring - configure Jboss Intros for xml with java config?
- HTTP Status 404 - Not Found in Spring 3.2.7
- AndroidAnnotations how to use setBearerAuth
- android I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
- Show login dialog when not authenticated yet
- Spring Data Rest supporting json and xml
Related Questions in LEAST-PRIVILEGE
- Redirect inside java interceptor
- Spring RestTemplate passing the type of the response
- spring-integration-dsl-groovy-http return null when i use httpGet method
- Custom Spring annotation for request parameters
- Spring - configure Jboss Intros for xml with java config?
- HTTP Status 404 - Not Found in Spring 3.2.7
- AndroidAnnotations how to use setBearerAuth
- android I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
- Show login dialog when not authenticated yet
- Spring Data Rest supporting json and xml
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
One of the critical resources for a database is connections. Generally databases are configured with a maximum number of connections, an each time a process needs to make a query, it needs a connection to do so. Database connections are expensive objects to create -- they take time and memory, and most importantly, connections are established for a specific user. The generally accepted 'best practice' for web applications is for the application, when it needs a database connection, to check a pool for an available connection. If there's a free connection in the pool, the web app will pull that connection, use it as necessary, and then return it to the pool for reuse. If there are no free connections, the app will create a new one, use it, and then place it in the pool for reuse.
If you're dealing with an application that uses multiple database users (for privilege management) and you need to use connection pooling, your application will need to establish many pools (one for each user), which will usually result in your application acquiring at least one connection for each database user it is using. This is inefficient, error prone, and needlessly complex.
If you're truly intent on limiting your application's access to data, then you should probably investigate how much support your database has for views. If views are well-supported, then you can create a view (or views) that are customized to the needs any given portion of your application.
My recommendation would be to stick to a single database user, and then use the time you just freed up to do more debugging of your application. You'll get better results, and will aggravate fewer DBAs.