from a MySql point of view, how would you deal with security on a site?
would you than create individual users?
> My 2 cents (American dollars): From a security standpoint (if you are a financial
> institution) you'd would never get away with #2 because there is no audit trail with
> multiple users using a "generic" user id.
> The MySQL implementation of security is not implemented with auditing and standard
> role based assignments in mind. I am hopeful that they will correct this issue down the
> Danny Stolle <d.stolle@stripped> wrote:
>>i would like to discuss 'user management' in mysql. Working with Oracle
>>you can assign users to roles giving them privileges provided by that
>>role. MySql doesn't have Roles. I have read (Managing and Using MySql,
>>O'Reilly) 3 options on managing users having multiple roles in a MySql
>>1. Giving the user a Single user ID and assign the privileges to that
>>2. Create role-bases users and have different people share the same user
>>ID for a given role.
>>3. Create multiple user IDs for each role played by each user
>>(dannys_arch as an architect, dannys_dev as a developer).
>>Which of these 3 options is the most preferable one or are there more
>>options which you can use. What are the advantages and disadvantages on
>>working with one of these 3 options? how do you handle hostnames when
>>working with random ip-addresses on your site.
>>Or just plain simple (or stupid) what are your experiences on user
>>management in a MySql environment.
>>MySQL General Mailing List
>>For list archives: http://lists.mysql.com/mysql
>>To unsubscribe: http://lists.mysql.com/mysql?unsub=1
> Switch to Netscape Internet Service.
> As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
> Netscape. Just the Net You Need.
> New! Netscape Toolbar for Internet Explorer
> Search from anywhere on the Web and block those annoying pop-ups.
> Download now at http://channels.netscape.com/ns/search/install.jsp