Topic: Multiple MySQL User permission changes (Read 5728 times)
jhouns (Newbie, Posts: 4)
Multiple MySQL User permission changes
« on: July 14, 2012, 12:03:28 »
In light of the bug report last night I had an idea this morning. Whenever developing any smaller-scale applications (my PHP isn't good enough to help with Elxis but my programming principles are fine) an individual account is used for each basic operation, i.e. you have an account that's solely for searching, one that's solely for updating, and you connect using each user when each command is appropriate.
During finding the sef was unsanitised I noticed I could query the user table from the generic query MySQL account. In a similar way to using multiple accounts for multiple operations (SELECT, INSERT, etc.), why not create a MySQL user solely for the use of login table access (elx_users)?
so:
query@localhost - Permissions: SELECT, ALL TABLES but NOT elx_users.
userQuery@localhost - Permissions: SELECT, elx_users.
Then, in the relevant class that deals with login execution, connect as the userQuery user. This way, if there's a breach in security (say in a generic page load script), access to the user table will still be denied due to a permissions error that you can't work around (currently).
Opinions?
EDIT: Moved this edit to another thread.
« Last Edit: July 14, 2012, 12:49:27 by jhouns »
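The account split proposed in the post above, written out as MySQL statements. This is an added example, not code from the thread or from Elxis; the database name elxis_db and the passwords are placeholders, while the account names and elx_users come from the post.

```sql
-- Added example. Assumed names: database `elxis_db`, placeholder passwords.
CREATE USER 'query'@'localhost'     IDENTIFIED BY 'CHANGE_ME_1';
CREATE USER 'userQuery'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';

-- MySQL privileges are additive and there is no table-level DENY, so
-- "all tables but not elx_users" cannot be written as GRANT ... ON elxis_db.*
-- followed by a REVOKE on one table. Grant table by table instead.
-- This query only generates the GRANT statements; review, then run its output.
SELECT CONCAT('GRANT SELECT ON `', table_schema, '`.`', table_name,
              '` TO ''query''@''localhost'';') AS grant_stmt
FROM information_schema.tables
WHERE table_schema = 'elxis_db'
  AND table_type   = 'BASE TABLE'
  AND table_name  <> 'elx_users';

-- The login path gets its own account, limited to the one table.
GRANT SELECT ON elxis_db.elx_users TO 'userQuery'@'localhost';

-- Check 1: only userQuery should hold a table-level grant on elx_users.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'elxis_db' AND table_name = 'elx_users';

-- Check 2: a schema-wide or global grant would silently cover elx_users too,
-- so 'query' must return no rows from either of these.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''query''@''localhost''';

SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee = '''query''@''localhost'''
  AND privilege_type <> 'USAGE';

-- Connected as query@localhost, SELECT on elx_users is now refused by the
-- server, whatever SQL reaches it through a page-load script.
```

Tables created later are not covered by per-table grants, so the generator query has to be re-run after schema changes or upgrades.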
datahell (Elxis Team, Hero Member, Posts: 10357)
Re: Multiple MySQL User permission changes
« Reply #1 on: July 14, 2012, 19:27:42 »
This solution is too complex for the majority of users.
jhouns (Newbie, Posts: 4)
Re: Multiple MySQL User permission changes
« Reply #2 on: July 15, 2012, 00:12:20 »
A completely valid counter-proposition. Thanks for your feedback.