[development] Temporary database credentials
chris at tinpixel.com
Thu Jan 26 18:04:43 UTC 2006
Neil Drumm wrote:
> Chris Johnson wrote:
>> Great idea, Allie. This would be a good step towards improved
>> security as well as more reliable updates. I believe update.php
>> should definitely check that it can issues ALTER, DROP, etc. if at all
>> possible before trying to update tables.
> This is an excellent idea. It would be a nice addition to the database API.
> I looked at the MySQL documentation for a bit and didn't notice anything
> particularly useul. SHOW GRANTS shows things for the current user, but
> not inherited permissions. And the output is in multiple rows of strings
> that have to be parsed.
> How are things looking on Postgres and SQLite?
Perhaps it would be possible to simply test permissions by trying an operation
and seeing if it fails. For example, to test ALTER, just ALTER a column to
itself (i.e. no changes). DROP is a problem, since it's destructive unless
you can CREATE to make a backup first. It might be possible to derive
permissions with a carefully ordered set of such tests.
More information about the development