On 02.01.2006 13:41 (+0100), Imran Chaudhry wrote:
> GRANT and REVOKE are essential to your database security, I would
> think twice before adding a "layer" on top of them. There is potential
> for error and you dont want that where security is related. It is
> probably worth the "pain" of learning the ins and outs of
I wanted to create a tool that manages these privileges with a simple
interface. To me, GRANT is a privilege like others are. I know that
GRANT is a very powerful privilege but it's still a privilege and I
don't want to handle same things differently, that's just stupid as for
the application design. Not sure what the SQL inventors thought about it
some decades ago, where computers didn't have to be easy to handle.
I won't make much usage of that special privilege anyway, I'll mostly
allow single users read/write/definition access to single databases. But
when I want to revoke all privileges from a user, I also want the GRANT
privilege to be revoked, and for this I currently need a second command.
Well, doesn't matter, SQL is complicated and that's what my tool works
# mysqlmgr add database www1
# mysqlmgr add user www1 password xxx
# mysqlmgr allow user www1 database www1 read write define
Yves Goergen "LonelyPixel" <nospam.list@stripped>
"Does the movement of the trees make the wind blow?"
http://newsboard.unclassified.de - Unclassified NewsBoard Forum