[development] Temporary database credentials
Chris Johnson
chris at tinpixel.com
Tue Jan 24 19:07:53 UTC 2006
Allie Micka wrote:
> Like many hosting providers, we grant full access to databases for site
> administrators, and we create a separate, rights-limited user for each
> database.
>
> This is a great idea until it's time to run update.php. It really
> should detect that I don't have DROP, ALTER, etc; but instead it just
> fails badly.
>
> What I've been doing is editing settings.php to replace the credentials
> in $db_url, running update.php, and then re-editing the file. I'm sure
> that most of our users are just leaving things as-is, which is bad for
> many reasons.
>
> It would be nice to have a place to enter some temporary credentials,
> stored in $_SESSION and disposed of when the user logs out.
Great idea, Allie. This would be a good step towards improved security as
well as more reliable updates. I believe update.php should definitely check
that it can issue ALTER, DROP, etc. if at all possible before trying to
update tables.
..chrisxj
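
One way the preflight check suggested in this thread could look, as an added example that is not part of the original messages and is not Drupal's own code. It assumes MySQL and that the caller has already fetched the rows of `SHOW GRANTS` for the connected user; the function names `missing_privileges` and `db_pattern_matches` are hypothetical and the grant rows are constructed.

```php
<?php
// Added example: preflight privilege check before schema updates (names and sample rows are constructed).

/** Return the required privileges that the SHOW GRANTS rows do not give on $db. */
function missing_privileges(array $grantRows, string $db, array $required): array
{
    $held = [];
    foreach ($grantRows as $row) {
        // e.g. GRANT SELECT, INSERT ON `drupal`.* TO 'site'@'localhost'
        if (!preg_match('/^GRANT\s+(.+?)\s+ON\s+(\*|`((?:[^`]|``)+)`)\.\*\s+TO\s/i', $row, $m)) {
            continue; // table-, column- or routine-level grant: not enough for schema updates
        }
        if ($m[2] !== '*' && !db_pattern_matches(str_replace('``', '`', $m[3]), $db)) {
            continue; // grant applies to a different database
        }
        foreach (explode(',', $m[1]) as $priv) {
            $held[strtoupper(trim($priv))] = true;
        }
    }
    if (isset($held['ALL PRIVILEGES']) || isset($held['ALL'])) {
        return [];
    }
    return array_values(array_filter($required, fn($p) => !isset($held[strtoupper($p)])));
}

/** Database-level grants treat % and _ as wildcards unless escaped with a backslash. */
function db_pattern_matches(string $pattern, string $db): bool
{
    $regex = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $regex .= preg_quote($pattern[++$i], '/'); // escaped wildcard is a literal character
        } else {
            $regex .= $c === '%' ? '.*' : ($c === '_' ? '.' : preg_quote($c, '/'));
        }
    }
    return preg_match('/^' . $regex . '$/D', $db) === 1;
}

// Constructed SHOW GRANTS output for a rights-limited site user.
$rows = [
    "GRANT USAGE ON *.* TO 'site'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `drupal\\_site`.* TO 'site'@'localhost'",
];
$missing = missing_privileges($rows, 'drupal_site', ['CREATE', 'ALTER', 'DROP', 'INDEX']);
echo $missing ? 'Refusing to run updates; missing: ' . implode(', ', $missing) . "\n" : "OK\n";
```

Running the check before any table is touched lets the updater stop with a clear message instead of failing partway through a schema change.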