in reply to Re: Different Database Permissions Using Class::DBI
in thread Different Database Permissions Using Class::DBI

Uh, you typically restrict your DB to do certain things 'cause you don't want people doing those things. That's why a lot of companies don't allow anything but stored procs from being run. You can't run arbitrary SQL.

Some that do allow sql, don't usually allow deletes, since you don't want an arbitrary "delete from blah".

It's not paranoia... it's good security. Or do you not believe in firewalls too?

Re: Re: Re: Different Database Permissions Using Class::DBI
by perrin (Chancellor) on Jul 02, 2003 at 21:18 UTC
    You don't understand. We're not talking about running arbitrary SQL here, just executing pre-defined method calls on a class. Security is typically enforced either in these method calls (i.e. do you have permission to call this method) or at an even higher level in the web interface. A person who isn't allowed to delete something from the database would simply not be presented with a delete option in the web UI. This makes the extra work to use different database logins redundant, so most web apps do not use multiple database logins for security.
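
Added example, not part of either post above: a sketch of the two enforcement layers this thread discusses, a role check inside pre-defined method calls and a restricted database login underneath, run against one method that omits its check. It uses Python's `sqlite3` rather than Class::DBI; the authorizer callback stands in for per-login database grants (SQLite has no users), and the login names, table, and `Notes` class are constructed for illustration.

```python
import sqlite3

# Write actions a login must be granted explicitly; reads are open to every login.
WRITE_ACTIONS = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
                 sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE}
# Hypothetical database logins and the write actions each one is granted.
LOGIN_GRANTS = {"web_reader": set(), "web_admin": {sqlite3.SQLITE_DELETE}}

def connect_as(login):
    """Open a seeded in-memory database restricted to one login's grants."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO notes (body) VALUES (?)", [("a",), ("b",)])
    granted = LOGIN_GRANTS[login]

    def authorizer(action, arg1, arg2, dbname, source):
        # Database-level check: consulted by SQLite for every statement.
        if action in WRITE_ACTIONS and action not in granted:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    return conn

class Notes:
    """Pre-defined method calls; the caller's role is checked in the method."""
    def __init__(self, conn, user_role):
        self.conn, self.user_role = conn, user_role

    def ids(self):
        return [r[0] for r in self.conn.execute("SELECT id FROM notes ORDER BY id")]

    def delete(self, note_id):
        if self.user_role != "admin":  # application-level check
            raise PermissionError("role may not delete")
        self.conn.execute("DELETE FROM notes WHERE id = ?", (note_id,))

    def purge_legacy(self, note_id):
        # Constructed mistake: a method added later that omits the role check.
        self.conn.execute("DELETE FROM notes WHERE id = ?", (note_id,))

def guest_purge(login):
    """A guest reaches the unchecked method over the given database login."""
    notes = Notes(connect_as(login), "guest")
    try:
        notes.purge_legacy(1)
        denied = False
    except sqlite3.DatabaseError:  # SQLite reports "not authorized"
        denied = True
    return denied, notes.ids()
```

With the single shared login the unchecked method removes the row; with the restricted login the database refuses the statement and both rows remain.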