On Fri, 1999-10-01 11:14:49 -0400, Christopher R. Jones wrote:
> I will be developing a WEB application that allows users to create new
> MySQL databases. I think there are two possible scenarios:
> 1. SU adds new users to mysql and the user can then create database.
> 2. SU creates new database giving user access to select, insert, delete.
"SU" is short for "superuser", meaning in this context the database
> I am concerned about hiding the SU user_id and password in the CGI scripts.
> For example, a CGI script contains something like:
> my $db = "buildings";
> my $user = "cjones";
> my $password = "spikeo";
> my $hostname = "";
If I want to give users the possibility to create and administer their
own database, I usually give them the rights to create databases only
that have a name starting with their db username.
For a user "joe" this is:
GRANT ALL PRIVILEGES ON joe.* TO joe@'';
UPDATE mysql.db SET db='joe%' WHERE user='joe' AND db='joe';
Theoretically the same could be accomplished by
GRANT ALL PRIVILEGES ON 'joe%'.* TO joe@'';
but unfortunately MySQL gives a syntax error for this.
Now "joe" can create every database he wishes and work with it as long
as the database name starts with "joe...", but he can't change or drop
any other databases.
For this method, you as db root only have to set up the rights once
per db user, from then on no more interaction of yours is necessary.
If you additionally want to create new users somehow automatically, I
don't see a possibility to avoid needing the password for db root.
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=5244 5EF3 B0B1 3826 E4EC 8058 7B31 3AD7