List:General Discussion« Previous MessageNext Message »
From:Mark Goodge Date:June 3 2011 10:47am
Subject:Re: Allowing all users to access a specified database
View as plain text  
On 03/06/2011 11:24, John Daisley wrote:
> The reason
>
> *GRANT SELECT, INSERT, UPDATE, DELETE ON mydyb TO '%'@'%';*
> *
> *
> does not work is because that command would be suicidal in terms of
> security.
>
> If you are hosting a large number of ecommerce sites and granting any user
> access to those databases then you would want security to be far tighter.
> Allowing that sort of access is about as secure as publishing the data on
> facebook.

That's not a problem in this case - the data is *intended* to be shared 
between all users of the system. It's data required by the software that 
the sites run on - which is simple, non-confidential stuff like basic 
settings as well as data which each site deliberately exports for 
copying by the others. The end users are not different organisations, 
they are different trading divisions within the same organisation.

> What version of MySQL are you using?

5.0.7

Mark
-- 
  Sent from my Babbage Difference Engine
  http://mark.goodge.co.uk
  http://www.ratemyairport.com
Thread
Allowing all users to access a specified databaseMark Goodge3 Jun
  • Re: Allowing all users to access a specified databaseJohn Daisley3 Jun
    • Re: Allowing all users to access a specified databaseMark Goodge3 Jun
      • Re: Allowing all users to access a specified databaseJohn Daisley3 Jun
        • Re: Allowing all users to access a specified databaseJohan De Meersman3 Jun
  • Re: Allowing all users to access a specified databaseJohan De Meersman3 Jun