List:General Discussion« Previous MessageNext Message »
From:Scott Gifford Date:October 12 2005 3:34pm
Subject:Re: Downgrade privileges on connect
View as plain text  
Andrew_Hoying@stripped writes:

> Is it possible for a MySQL connection to request a downgrade in
> privileges?  What I'd like to be able to do is create one database
> user account for a database application with read and write
> privileges to the tables, but if an application user logs in who
> only has read access, then to downgrade the permission's on the SQL
> server for the database user to select only for that connection.

I don't know of a way to do exactly what you describe, but you can get
the same effects by creating two accounts, one with only SELECT
privileges and one with whatever write privileges you need.  Then
you application can simply decide which account to authenticate with.

> I want to be able to give an added level of assurance that the user
> will not be able to write to the database even if the application
> controls are circumvented.

That sounds like an excellent design decision.

----Scott.
Thread
Downgrade privileges on connectAndrew_Hoying12 Oct
  • Re: Downgrade privileges on connectSGreen12 Oct
    • Re: Downgrade privileges on connectAndrew_Hoying12 Oct
      • Re: Downgrade privileges on connectSGreen12 Oct
        • Re: Downgrade privileges on connectAndrew_Hoying12 Oct
          • Re: Downgrade privileges on connectJoerg Bruehe13 Oct
        • Re: Downgrade privileges on connectScott Gifford12 Oct
  • Re: Downgrade privileges on connectScott Gifford12 Oct