I want to create my site and in the page have it so that the forum pages will use the forum mysql user having privileges on mydb.forum_table, mydb_forum_table2. and the profile page to use the profile user having access to mydb.users and mydb.profiefields and so on with the photogallery, blog, chat and... is this the right way to do it! I'm thinking of principle of least privileges but I wonder why I haven't seen other big known CMS do it!
Creating a different user for each concern of my application!
94 views Asked by AudioBubble At
2
There are 2 answers
2
pascal
On
If I understand correctly, the question is about implementing module access control based on the permissions on the tables that are used by the module.
I think it would be complicated to maintain (the link between modules, and tables), and slow to have to check the permissions on each table accessed by the module.
Related Questions in SQL
- SQL schema for a fill-in-the-blank exercise
- Hibernate: JOIN inheritance question - why the need for two left joins
- What's supposed to be the problem in this query?
- Compare fields in two tables
- How to change woocomerce or full wordpress currency with value from USD to AUD
- Dynamic query creation with Array like implementation
- SQL query to get student enrolled in this month in a course - Moodle
- SQL LAG() function returning 0 for every row despite available previous rows
- Convert C# DateTime.Ticks to Bigquery DateTime Format
- Use row values from another table to select them as columns and establish relations between them (pivot table)
- SQL: Generate combination table based on source and destination column from same table
- how to use system's environnement variables in sql script
- PHP fetchAll on JOIN
- Multitable joining in Sql
- How to display name starting from 'z' by using BETWEEN cmd only?
Related Questions in MYSQL
- How to Retrieve Data from an MySQL Database and Display it in a GUI?
- How to change woocomerce or full wordpress currency with value from USD to AUD
- window.location.href redirects but is causing problems on the webpage
- Error: local variable 'bramka' referenced before assignment
- Products aren't displayed after fetching data from mysql db (node.js & express)
- status table for all entries (even in different dates) in database changing value when all checkboxes are checked
- Can't Fix Mariadb & Mysql ERROR 2002 (HY000): Can't connect to local server through socket '/tmp/mysql.sock' (2) On MacOs
- Express Mysql getting max ID from table not working cought in a promise
- failed to upload a table from sql file
- Update a MySQL row depending on the ID in Google Sheets Apps Script
- Use row values from another table to select them as columns and establish relations between them (pivot table)
- SQL: Generate combination table based on source and destination column from same table
- How to display the column names which have only unique non-null values in MySQL table?
- mysql query takes too long because of wrong indexes usage
- Multitable joining in Sql
Related Questions in DATABASE-DESIGN
- SQL schema for a fill-in-the-blank exercise
- When an E-R attribute should be perceived as a relationship attribute or as an entity set attribute?
- steps to create a web app with backend and database and web
- Use data type uuid or varchar(36) for my UUID column?
- Containing Object Design
- Many-to-many relationship between objects of the same type
- When hashing an API key, should I hash the suffix / prefix as well?
- Database design, authentication and authorization in a microservices ticketing system
- Unique index on 3 columns where NULL conflicts with all other values in one column
- Can i create a table with 2 foreign keys? These 2 foreign keys are 2 primary keys of 2 different tables
- I have a basic ms access question about a relationship between 3 tables
- how can i calculate mutual friends/followers efficiently?
- Access Table ,setting in design ,column 'Catagory' as Combobox in lookup with list "Action";"War";"Drama". in vb.net DGV and Detail how to multiselct
- Table Design for Calculating Median Over User-Defined Period from Pre-Processed Data
- Use conditional constraint or normalize table?
Related Questions in AUTHORIZATION
- Protect Server Actions with Next Auth in Next JS 14
- Set-Cookie header not forwarded by nginx to the client
- System.InvalidOperationException: The AuthorizationPolicy named: 'Admin' was not found
- Missing render HTML element for login requests from client to server
- How to get different types of authentication in Thymeleaf
- https://accounts.google.com/gsi/client missing 'Access-Control-Allow-Origin' header
- Authorization error with Django on Windows with IIS
- Role based restriction in requestMatchers in Spring Security does not receive sent Authorization header
- How do I get my Python code to pass the authorization needed for it to connect to Notion
- Integrating Okta via a Authorization Filter
- Verify Token To Login In Firebase (Aauthorization)
- When hashing an API key, should I hash the suffix / prefix as well?
- How can I implement synchronous registration on a website and a forum by linking their databases?
- Need to addlocal repo authorization to existing yaml file
- dropbox api video share_url authorization error
Related Questions in LEAST-PRIVILEGE
- How do I make all of my @RequestMapping as @PreAuthorize("isAuthenticated()") by default?
- Why is application permission granted so much privilege on Azure?
- How to follow PoLP with a cloud run application and multiple services without tight coupling
- How can I create an IAM policy on AWS Secrets Manager to grant a group least privilege access. I only grant access to secrets created or owned. Thnx(:
- Best-Practice way to run a python program that needs root privliges for subset of tasks
- Advice on giving developers capability to run explain plans in ORACLE
- I have problem with least privilege principle. incrementing a member when an object is created
- Minimum IAM permissions required to attach SG to EC2 Instance?
- CloudFormation refusing to create AWS::KMS::Key with least privilege
- I want to achieve the following using permission boundary
- Can I AutoCreate an IAM role for a Cloudformation stack from the template?
- Principle of least privilege vs User Interface Privilege Isolation
- Spinnaker User Authorization and Instance Permission Restrictions
- Principle of Least Privilege with Entity Framework
- Identity Server by leastprivilege doesn't work properly on Azure
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
One of the critical resources for a database is connections. Generally databases are configured with a maximum number of connections, an each time a process needs to make a query, it needs a connection to do so. Database connections are expensive objects to create -- they take time and memory, and most importantly, connections are established for a specific user. The generally accepted 'best practice' for web applications is for the application, when it needs a database connection, to check a pool for an available connection. If there's a free connection in the pool, the web app will pull that connection, use it as necessary, and then return it to the pool for reuse. If there are no free connections, the app will create a new one, use it, and then place it in the pool for reuse.
If you're dealing with an application that uses multiple database users (for privilege management) and you need to use connection pooling, your application will need to establish many pools (one for each user), which will usually result in your application acquiring at least one connection for each database user it is using. This is inefficient, error prone, and needlessly complex.
If you're truly intent on limiting your application's access to data, then you should probably investigate how much support your database has for views. If views are well-supported, then you can create a view (or views) that are customized to the needs any given portion of your application.
My recommendation would be to stick to a single database user, and then use the time you just freed up to do more debugging of your application. You'll get better results, and will aggravate fewer DBAs.