I want to create my site so that the forum pages use the forum MySQL user, which has privileges on mydb.forum_table and mydb_forum_table2, and the profile page uses the profile user, which has access to mydb.users and mydb.profiefields, and so on for the photo gallery, blog, chat and... Is this the right way to do it? I'm thinking of the principle of least privilege, but I wonder why I haven't seen other big, well-known CMSs do it!
Creating a different user for each concern of my application!
93 Views Asked by AudioBubble At
pascal
If I understand correctly, the question is about implementing module access control based on the permissions on the tables that are used by the module.
I think it would be complicated to maintain (the link between modules, and tables), and slow to have to check the permissions on each table accessed by the module.
One of the critical resources for a database is connections. Generally databases are configured with a maximum number of connections, and each time a process needs to make a query, it needs a connection to do so. Database connections are expensive objects to create -- they take time and memory, and most importantly, connections are established for a specific user. The generally accepted 'best practice' for web applications is for the application, when it needs a database connection, to check a pool for an available connection. If there's a free connection in the pool, the web app will pull that connection, use it as necessary, and then return it to the pool for reuse. If there are no free connections, the app will create a new one, use it, and then place it in the pool for reuse.
If you're dealing with an application that uses multiple database users (for privilege management) and you need to use connection pooling, your application will need to establish many pools (one for each user), which will usually result in your application acquiring at least one connection for each database user it is using. This is inefficient, error prone, and needlessly complex.
If you're truly intent on limiting your application's access to data, then you should probably investigate how much support your database has for views. If views are well-supported, then you can create a view (or views) customized to the needs of any given portion of your application.
My recommendation would be to stick to a single database user, and then use the time you just freed up to do more debugging of your application. You'll get better results, and will aggravate fewer DBAs.
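For reference, the per-module accounts from the question and the view-based restriction mentioned in the last answer look like this in MySQL. This is an added example, not code from the question or either answer; the column names, the view name `forum_authors`, the `localhost` host and the password placeholders are assumptions.

```sql
-- Added example. Column names, the view name, the host and the
-- password placeholders are assumptions, not taken from the page.

-- One account per module. CREATE USER grants no table privileges by itself.
CREATE USER 'forum'@'localhost'   IDENTIFIED BY '<forum-password-placeholder>';
CREATE USER 'profile'@'localhost' IDENTIFIED BY '<profile-password-placeholder>';

-- Grant per table and per verb: only what each module's queries need.
GRANT SELECT, INSERT, UPDATE, DELETE ON mydb.forum_table TO 'forum'@'localhost';
GRANT SELECT, INSERT, UPDATE ON mydb.users        TO 'profile'@'localhost';
GRANT SELECT, INSERT, UPDATE ON mydb.profiefields TO 'profile'@'localhost';

-- The forum has to show author names but has no reason to read the rest
-- of mydb.users. A view exposes only the chosen columns. With
-- SQL SECURITY DEFINER the view runs with the privileges of the account
-- that created it, so that account needs SELECT on mydb.users while
-- 'forum' needs SELECT on the view only.
CREATE SQL SECURITY DEFINER VIEW mydb.forum_authors AS
    SELECT id, display_name
    FROM mydb.users;

GRANT SELECT ON mydb.forum_authors TO 'forum'@'localhost';

-- Review what each account can actually do.
SHOW GRANTS FOR 'forum'@'localhost';
SHOW GRANTS FOR 'profile'@'localhost';

-- Run as 'forum', this is rejected because the account holds no
-- privilege on the base table:
--   SELECT * FROM mydb.users;
-- while this succeeds through the view:
--   SELECT id, display_name FROM mydb.forum_authors;
```

Each account defined this way needs its own connection pool in the application, which is the cost the answer above describes.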