Re: Limiting privileges
From: Jerry Stuckle <jstucklex_at_attglobal.net>
Date: Fri, 18 Dec 2015 12:55:45 -0500
Message-ID: <n51h5s$mte$1_at_dont-email.me>
On 12/18/2015 12:25 PM, Derek Turner wrote:
> On Fri, 18 Dec 2015 10:41:15 -0500, Jerry Stuckle wrote:
>
>> Ah, I missed the "temporary table". I shouldn't read so quickly! :)
>>
>> You can't grant to a table which doesn't exist. But if you create it as
>> a temporary table, it will only exist as long as the creating session is
>> alive, and will only be accessible by that session.
>>
>> If you want to let another user access it, you must create a real table,
>> then grant access to that user. Once you're done, you can delete the
>> table.
>
> OK thanks for that. I think the best option is to create a 'real' table
> in place of the temporary one, with the columns defined but no data. Then
> at the end of the script issue a TRUNCATE command so that the next user
> gets an empty table to start with. FWIW does 'TRUNCATE IF EXISTS' work?
>
> Also FWIW this is the page that calls the script
>
> www.u3a.org.je/diary.php
>
> which works just fine but I'm uncomfortable with the extent of the
> privileges that have to be granted to the 'public' user (CREATE, DROP,
> INSERT etc.). Now if they could be granted only to the (presently
> TEMPORARY) table I'd be a lot happier. Or am I being paranoid?
>
You'll have a real problem if two people access the script at the same time. Not good.
The real question here is - what are you trying to accomplish? My thoughts are that you're going about this the wrong way.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex_at_attglobal.net
==================
Received on Fri Dec 18 2015 - 18:55:45 CET
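
An added illustration of the privilege question discussed in this thread, not part of either poster's message: one way to narrow the web account's rights while keeping a session-private temporary table. It assumes MySQL 5.6.3 or later and an existing account; the schema `u3a`, the table `events` and its columns, the temporary table `diary_work` and the `localhost` host part are hypothetical names.

```sql
-- Added example, assuming MySQL 5.6.3+. All object names are hypothetical.

-- Before (the broad grant being questioned): schema-wide rights let the
-- web account create, drop or write to ANY table in the schema.
--   GRANT SELECT, INSERT, CREATE, DROP ON u3a.* TO 'public'@'localhost';

-- After, step 1: remove the schema-wide write and DDL rights.
-- (REVOKE reports an error if they were never granted at this level.)
REVOKE INSERT, CREATE, DROP ON u3a.* FROM 'public'@'localhost';

-- Step 2: read access only to the table the page actually displays.
GRANT SELECT ON u3a.events TO 'public'@'localhost';

-- Step 3: allow temporary tables. This privilege is granted per database,
-- not per table, because the table does not exist at grant time.
GRANT CREATE TEMPORARY TABLES ON u3a.* TO 'public'@'localhost';

-- What the script can then run when connected as 'public'.
-- Once a session has created a temporary table, the server makes no
-- further privilege checks on it, so INSERT/SELECT/DROP on diary_work
-- work without INSERT or DROP rights on any permanent table.
CREATE TEMPORARY TABLE diary_work (
    event_date DATE NOT NULL,
    title      VARCHAR(200) NOT NULL
);

INSERT INTO diary_work (event_date, title)
    SELECT event_date, title
    FROM events
    WHERE event_date >= CURDATE();

SELECT event_date, title FROM diary_work ORDER BY event_date;

-- Optional: the table is dropped automatically when the session ends,
-- and two simultaneous visitors each get their own private copy.
DROP TEMPORARY TABLE diary_work;

-- Verification (run as an administrator): confirm nothing broader remains.
SHOW GRANTS FOR 'public'@'localhost';
```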