List: General Discussion
From: Wm Mussatto
Date: June 16 2010 10:29pm
Subject:RE: opening a server to generalized queries but not "too" far
On Wed, June 16, 2010 14:47, Don Cohen wrote:
> Daevid Vincent writes:
>
>  > For the love of God and all that is holy,
>  > do NOT put the user/pass on the URL like that!!!!!!
> What's so unholy (or even unwise) about it?
The username and password show up in logs on the server and in the
browser's cache since it is part of the page's "address".  Anyone who has
access to either will get them.  Remember, browsers cache history.
>  > Or use "mod_auth_mysql" to maintain your 'authorized' users to your
>  > page.
> Why is this so much better?
> In my case it's worse cause I don't want this to be interactive.
> I want to install something on a user's machine that will access his
> data without him having to do anything.  The url is to be used by
> a program, not a person on a browser.
>
>  > And as Adam beat me to, use a VIEW to expose ONLY the columns and joins
>  > you want. This is also a good time to normalize the data and column names
>  > so that you don't expose what their internal names are.
> So far I don't like this solution.
>
>  > But also as he said, I don't see what you're trying to accomplish. If
> I'm trying to let a large number of users each access his own data
> and not everyone else's in a very flexible way, in particular,
> allowing selection using functions, aggregations, filters.
>
>  > someone is technically literate to format SQL statements, then just give
>  > them a read-only account to the mysql (or view) directly. Let them use
>  > their own GUI tool like SQLYog or whatever -- it will be far more robust
>  > than anything you can write yourself.
> In this case there may be a lot of users but the queries are likely to
> be written by a small number.
>
>  > If you're trying to do some "reports", then just code up the reports and
>  > use select boxes for the options you want someone to choose. Use jQuery and
>  > table_sorter plugin and you're done.
> I can't predict what options will be needed.
> And this seems much easier.
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
>
>
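The log exposure described in the reply above, as an added example that is not part of the original thread: it finds credential parameters in the request target and Referer of web server access log lines and masks them. The parameter names, the `/query.php` path and the Apache/nginx "combined" log format are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as credentials (assumed names; adjust per application).
SENSITIVE = {"user", "username", "pass", "passwd", "password", "pwd"}

# Apache/nginx "combined" format: the request line and Referer are quoted fields.
COMBINED = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>\S+) (?P<target>\S+)'
    r'(?P<mid> [^"]*" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>" "[^"]*")$'
)

def redact_url(url):
    """Return (url with credential values masked, sorted names that were masked)."""
    parts = urlsplit(url)
    hits, pairs = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            hits.add(name.lower())
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(hits)

def scrub(line):
    """Mask credentials in the request target and Referer of one log line."""
    m = COMBINED.match(line)
    if not m:
        return line, []  # unparsed lines pass through untouched
    target, t_hits = redact_url(m["target"])
    referer, r_hits = redact_url(m["referer"])
    clean = m["head"] + m["method"] + " " + target + m["mid"] + referer + m["tail"]
    return clean, sorted(set(t_hits + r_hits))

# Constructed sample lines (documentation addresses, made-up credentials).
SAMPLE = [
    '192.0.2.10 - - [16/Jun/2010:14:47:02 -0700] "GET /query.php?user=don&pass=s3cret&q=count HTTP/1.1" 200 512 "-" "fetcher/1.0"',
    '192.0.2.11 - - [16/Jun/2010:14:48:10 -0700] "GET /logo.png HTTP/1.1" 200 2048 "http://example.com/query.php?user=don&pass=s3cret" "Mozilla/5.0"',
    '192.0.2.12 - - [16/Jun/2010:14:49:30 -0700] "POST /query.php HTTP/1.1" 200 512 "-" "fetcher/1.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, hits = scrub(raw)
        print(("LEAK " + ",".join(hits)) if hits else "ok", "|", clean)
```

The third sample line is the same client sending its credentials in a POST body, which the access log does not record; the second shows the URL reappearing in the Referer of a later request.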

