List: General Discussion
From: Daevid Vincent
Date: June 16 2010 8:52pm
Subject: RE: opening a server to generalized queries but not "too" far

> -----Original Message-----
> From: Don Cohen [mailto:don-mysql8y@stripped] 
>
> The http request I have in mind will be something like
>  https://server.foo.com?user=john&password=wxyz&...
> and the resulting query something like
>  select ... from table where user=john and ...
> (I will first have verified the password.)

For the love of God and all that is holy, 
do NOT put the user/pass on the URL like that!!!!!!

Do something like this instead:
http://us.php.net/manual/en/features.http-auth.php

Or use "mod_auth_mysql" to maintain your 'authorized' users to your page.

And as Adam beat me to, use a VIEW to expose ONLY the columns and joins you
want. This is also a good time to normalize the data and column names so
that you don't expose what their internal names are.

http://dev.mysql.com/doc/refman/5.0/en/create-view.html
http://www.techotopia.com/index.php/An_Introduction_to_MySQL_Views
http://www.devshed.com/c/a/MySQL/Views-and-More-in-MySQL-50/

But also, as he said, I don't see what you're trying to accomplish. If
someone is technically literate to format SQL statements, then just give
them a read-only account to the mysql (or view) directly. Let them use
their own GUI tool like SQLYog or whatever -- it will be far more robust
than anything you can write yourself.

If you're trying to do some "reports", then just code up the reports and
use select boxes for the options you want someone to choose. Use jQuery and
table_sorter plugin and you're done.
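
The VIEW plus read-only account suggested in the message above, as an added MySQL example that is not part of the original post. The database, table, column and account names and the password placeholder are all constructed for illustration, and it assumes each person connects with their own MySQL account whose name matches the stored login.

```sql
-- Hypothetical schema: every name below is constructed for illustration.
CREATE DATABASE IF NOT EXISTS app;
CREATE DATABASE IF NOT EXISTS reports;

CREATE TABLE app.ord_tbl (
  ord_id      INT UNSIGNED PRIMARY KEY,
  cust_login  VARCHAR(32) NOT NULL,
  amt_cents   INT NOT NULL,
  margin_note VARCHAR(255),          -- internal only, never exposed
  created_ts  DATETIME NOT NULL
);

-- The view lives in its own database so the grant can cover the view alone.
-- Aliases hide the internal column names; the WHERE clause limits each
-- session to its own rows. USER() is the connecting account ('john@host'),
-- whereas CURRENT_USER() inside a DEFINER view would be the view's definer.
CREATE SQL SECURITY DEFINER VIEW reports.my_orders AS
SELECT ord_id          AS order_id,
       amt_cents / 100 AS amount,
       created_ts      AS ordered_at
FROM app.ord_tbl
WHERE cust_login = SUBSTRING_INDEX(USER(), '@', 1);

-- Read-only account: SELECT on the view, nothing on the base table.
CREATE USER 'john'@'%' IDENTIFIED BY 'REPLACE_WITH_A_REAL_PASSWORD';
GRANT SELECT ON reports.my_orders TO 'john'@'%';

-- Check what the account can actually do.
SHOW GRANTS FOR 'john'@'%';
-- Connected as john:
--   SELECT * FROM reports.my_orders;    -- only john's rows, three columns
--   SELECT * FROM app.ord_tbl;          -- denied: no privilege on the base table
--   UPDATE reports.my_orders SET ...    -- denied: SELECT is the only privilege granted
```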
