Chris Johnson wrote:
Allie Micka wrote:
Like many hosting providers, we grant full access to databases for site administrators, and we create a separate, rights-limited user for each database.
This is a great idea until it's time to run update.php. It really should detect that I don't have DROP, ALTER, etc; but instead it just fails badly.
What I've been doing is editing settings.php to replace the credentials in $db_url, running update.php, and then re-editing the file. I'm sure that most of our users are just leaving things as-is, which is bad for many reasons.
It would be nice to have a place to enter some temporary credentials, stored in $_SESSION and disposed of when the user logs out.
Great idea, Allie. This would be a good step towards improved security as well as more reliable updates. I believe update.php should definitely check that it can issues ALTER, DROP, etc. if at all possible before trying to update tables.
This is an excellent idea. It would be a nice addition to the database API. I looked at the MySQL documentation for a bit and didn't notice anything particularly useul. SHOW GRANTS shows things for the current user, but not inherited permissions. And the output is in multiple rows of strings that have to be parsed. How are things looking on Postgres and SQLite? -- Neil Drumm http://delocalizedham.com/