From:Don Cohen Date:June 16 2010 7:48pm
Subject:Re: opening a server to generalized queries but not "too" far
Adam Alkins writes:
 > Sounds like you just want to GRANT access to specific tables (and with
 > limited commands), which is exactly what MySQL's privilege system does.

How about this part?
 > > Finally, suppose I want to limit access to the table to the rows
 > > where col1=value1.  If I just add that to <wherespec> what can an
 > > attacker do to read other rows?

The http request I have in mind will be something like
 https://server.foo.com?user=john&password=wxyz&...
and the resulting query something like
 select ... from table where user=john and ...
(I will first have verified the password.)

It seems I'd have to create a separate mysql user for each user in
my table, and perhaps also a separate table (or view?) for
that user to be allowed to read.
I suppose the php process could create the table/view, create the
user, then connect as the user to execute the query, then remove the
user.

Even if this turns out to be the best solution, I'm interested in
the answer to the original question.
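The question above, what happens to the row restriction when a caller-supplied filter is pasted into the WHERE clause, is easiest to see side by side. The following is an added example, not code from the thread; it uses Python's sqlite3 module as a stand-in for the MySQL/PHP setup (parameter binding with `?` plays the same role as prepared statements in mysqli or PDO), and the table, columns (`user`, `col1`, `col2`) and rows are constructed for the demonstration since the real schema is not given.

```python
import sqlite3

# Constructed sample data standing in for the poster's table (assumption:
# columns user, col1, col2; the real schema is not on the page).
ROWS = [
    ("john", "a", 1),
    ("john", "b", 2),
    ("mary", "a", 3),
]

# Columns a caller may filter on. Column names cannot be bound as
# parameters, so they are checked against a fixed allowlist instead.
ALLOWED_COLUMNS = {"col1", "col2"}


def make_db():
    """Build an in-memory table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (user TEXT, col1 TEXT, col2 INTEGER)")
    conn.executemany("INSERT INTO t VALUES (?, ?, ?)", ROWS)
    return conn


def query_unsafe(conn, user, wherespec):
    """The pattern the post asks about: the caller's <wherespec> is pasted
    into the SQL text, so the 'user = ...' restriction holds only as long
    as the caller's text cooperates with it."""
    sql = f"SELECT user, col1, col2 FROM t WHERE user = '{user}' AND {wherespec}"
    return conn.execute(sql).fetchall()


def query_safe(conn, user, column, value):
    """Hardened form: the caller chooses a column from the allowlist and
    supplies a value. The authenticated user and the value are bound as
    parameters, never concatenated, so the row restriction is fixed by
    the server, not by the request."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not permitted: {column!r}")
    sql = f"SELECT user, col1, col2 FROM t WHERE user = ? AND {column} = ?"
    return conn.execute(sql, (user, value)).fetchall()


def users_in(rows):
    """Set of user names present in a result, to check the restriction."""
    return {r[0] for r in rows}


if __name__ == "__main__":
    db = make_db()
    print("safe:  ", query_safe(db, "john", "col1", "a"))
    print("unsafe:", query_unsafe(db, "john", "col1='a' OR 1=1"))
```

The unsafe builder returns mary's row as well, because the appended text changes the boolean structure of the clause and `AND` binds tighter than `OR`. The safe builder cannot be steered the same way: the value is bound as a literal string (so a quote-laden value simply matches nothing), and any column outside the allowlist is rejected before a statement is built. With this shape the per-user MySQL account discussed in the post is no longer needed to enforce the `user = john` restriction, though it remains useful as a second layer.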
