[development] Temporary database credentials

Chris Johnson chris at tinpixel.com
Thu Jan 26 18:04:43 UTC 2006


Neil Drumm wrote:
> Chris Johnson wrote:

>> Great idea, Allie.  This would be a good step towards improved 
>> security as well as more reliable updates.  I believe update.php 
>> should definitely check that it can issues ALTER, DROP, etc. if at all 
>> possible before trying to update tables.
> 
> This is an excellent idea. It would be a nice addition to the database API.
> 
> I looked at the MySQL documentation for a bit and didn't notice anything 
> particularly useul. SHOW GRANTS shows things for the current user, but 
> not inherited permissions. And the output is in multiple rows of strings 
> that have to be parsed.
> 
> How are things looking on Postgres and SQLite?

Perhaps it would be possible to simply test permissions by trying an operation 
and seeing if it fails.  For example, to test ALTER, just ALTER a column to 
itself (i.e. no changes).  DROP is a problem, since it's destructive unless 
you can CREATE to make a backup first.  It might be possible to derive 
permissions with a carefully ordered set of such tests.

..chrisxj





More information about the development mailing list