[development] Temporary database credentials

Chris Johnson chris at tinpixel.com
Tue Jan 24 19:07:53 UTC 2006

Allie Micka wrote:
> Like many hosting providers, we grant full access to databases for site 
> administrators, and we create a separate, rights-limited user for each 
> database.
> This is a great idea until it's time to run update.php.   It really 
> should detect that I don't have DROP, ALTER, etc; but instead it just 
> fails badly.
> What I've been doing is editing settings.php to replace the credentials 
> in $db_url, running update.php, and then re-editing the file.  I'm sure 
> that most of our users are just leaving things as-is, which is bad for 
> many reasons.
> It would be nice to have a place to enter some temporary credentials, 
> stored in $_SESSION and disposed of when the user logs out.

Great idea, Allie.  This would be a good step towards improved security as 
well as more reliable updates.  I believe update.php should definitely check 
that it can issues ALTER, DROP, etc. if at all possible before trying to 
update tables.


More information about the development mailing list