database permissions less is better?

mainegate
Forum Newbie
Posts: 14
Joined: Sat Nov 29, 2008 5:49 pm

database permissions less is better?

Post by mainegate »

Anyone make any recommendations for giving user access to the database? Besides myself I obviously don't want to give anyone more than a SELECT and UPDATE. However, my question is should I have different connects for different situations that have different privileges?

For example: I'm checking user credentials. I would use the SELECT only permission and include that config file. However, if I'm updating some contact info then I would use the SELECT and UPDATE permission.

Does this sound right? Or should I give everything one config file with SELECT and UPDATE? I think I know my answer but I just want to run it by you studs first before I move on to the next stupid question.
Yossarian
Forum Contributor
Posts: 101
Joined: Fri Jun 30, 2006 4:43 am

Re: database permissions less is better?

Post by Yossarian »

Sounds pretty reasonable to me.

I think of them as readonly permissions, which is what I mostly use for public views.

But really, if you have an admin person able to set permissions for others, then they have to be able to delete them too.

Unless you hold with the philosophy that you should generally delete nothing, just have a flag like display = 0.

If you're real paranoid you can allow the admin-ner to only delete on named tables, which I guess you know.
mainegate
Forum Newbie
Posts: 14
Joined: Sat Nov 29, 2008 5:49 pm

Re: database permissions less is better?

Post by mainegate »

I have people upload files and they can delete them if they don't want them anymore. I figure I don't want to give people permission to delete in db nor delete on the server. Plus, what if they delete something that is really important to them... I can restore it if they really want it. Then run a script that checks when the file was deleted by the user and then if so many days (a month or something) then it deletes it from the db and the server.

Sound right? What do you mean by display=0? Is this another column in the db and when querying use this in the WHERE to only display the actual things they want? Then when they say delete it changes it to 1?
Yossarian
Forum Contributor
Posts: 101
Joined: Fri Jun 30, 2006 4:43 am

Re: database permissions less is better?

Post by Yossarian »

mainegate wrote:...I can restore it if they really want it....

snip

Sound right? What do you mean by display=0? Is this another column in the db and when querying use this in the WHERE to only display the actual things they want? Then when they say delete it changes it to 1?

I was thinking of the other way round actually, "select * from articles where .... blah AND display = 1" - in which case you'd probably make display a null field.

That way you've always got an undo option available to you.
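
Added example, not part of any post in the thread: one way to set up what the thread discusses, separate accounts per task plus a display flag instead of DELETE. MySQL syntax is assumed; the database, table, column and account names, the passwords and the 30-day window are all placeholders.

```sql
-- Assumed schema: uploads carry a display flag (1 = shown, 0 = "deleted" by the user).
CREATE TABLE appdb.uploads (
    id         INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    user_id    INT UNSIGNED NOT NULL,
    filename   VARCHAR(255) NOT NULL,
    display    TINYINT(1) NOT NULL DEFAULT 1,
    deleted_at DATETIME NULL               -- set when display is switched to 0
);

-- Read-only account: credential checks and public views.
-- (appdb.users is assumed to exist already.)
CREATE USER 'app_ro'@'localhost' IDENTIFIED BY 'CHANGE_ME_1';
GRANT SELECT ON appdb.users   TO 'app_ro'@'localhost';
GRANT SELECT ON appdb.uploads TO 'app_ro'@'localhost';

-- Read/write account: may add uploads and flip the flag, nothing else.
-- The column-level UPDATE grant keeps filename and user_id immutable; no DELETE.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT, INSERT               ON appdb.uploads TO 'app_rw'@'localhost';
GRANT UPDATE (display, deleted_at) ON appdb.uploads TO 'app_rw'@'localhost';

-- Purge account: used only by the scheduled clean-up script,
-- with DELETE limited to the one named table.
CREATE USER 'app_purge'@'localhost' IDENTIFIED BY 'CHANGE_ME_3';
GRANT SELECT, DELETE ON appdb.uploads TO 'app_purge'@'localhost';

-- Listing, run as app_ro (? = prepared-statement parameter):
SELECT id, filename FROM appdb.uploads WHERE user_id = ? AND display = 1;

-- "Delete" requested by the user, run as app_rw:
UPDATE appdb.uploads SET display = 0, deleted_at = NOW()
 WHERE id = ? AND user_id = ?;

-- Undo, run as app_rw:
UPDATE appdb.uploads SET display = 1, deleted_at = NULL
 WHERE id = ? AND user_id = ?;

-- Scheduled purge, run as app_purge. The script first reads the filenames
-- so it can remove the files from the server, then deletes the rows.
SELECT id, filename FROM appdb.uploads
 WHERE display = 0 AND deleted_at < NOW() - INTERVAL 30 DAY;
DELETE FROM appdb.uploads
 WHERE display = 0 AND deleted_at < NOW() - INTERVAL 30 DAY;
```

Each PHP config file then holds the credentials of exactly one of these accounts, and a page includes only the one it needs.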