To: python-list@python.org
From: Dennis Lee Bieber
Subject: Re: PyQT app accessible over network?
Date: Mon, 25 Feb 2013 18:26:39 -0500
Newsgroups: comp.lang.python

On Mon, 25 Feb 2013 17:35:44 +1100, Chris Angelico declaimed the following in gmane.comp.python.general:

> It may take a lot of work to get the permissions down to their
> absolute minimum, but one easy "half-way house" would be to create a
> read-only user - SELECT permission on everything, no other perms. Not
> applicable to all situations, but when it is, it's an easy way to
> manage the risk of compromise.
>

I think I'd recommend that even this read permission be limited to the tables required by the application... Wouldn't want someone to "accidentally" read the database user account tables, would we?

MySQL's permission system, as I recall (I'm too lazy to grab one of the five MySQL reference books on my shelf), can be set for "database", "table", and "column" levels.
(Setting permissions at the column level would be painful, IMO -- especially if one has a goodly number of tables with lots of fields; creating a view and using a table level restriction may be better -- not sure if MySQL views honor the access restrictions though)

--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
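
Added example, not part of the original post: the grants discussed in this thread written as MySQL statements, with the broad read-only grant (commented out) beside table-level, column-level and view-based alternatives. The `library` schema, its tables and columns, the `app_ro` account, the host pattern and the password are hypothetical placeholders.

```sql
-- Hypothetical names throughout: schema `library`, tables `books` and
-- `members`, account 'app_ro'@'10.0.0.%'. Run as an administrative user.

-- Broad read-only grant ("SELECT on everything"). It also covers the
-- `mysql` system schema, where account and credential data live.
--   GRANT SELECT ON *.* TO 'app_ro'@'10.0.0.%';

-- Narrowed account: created with no privileges, then granted per object.
CREATE USER 'app_ro'@'10.0.0.%' IDENTIFIED BY 'REPLACE_ME';  -- placeholder

-- Table level: the whole table is readable.
GRANT SELECT ON library.books TO 'app_ro'@'10.0.0.%';

-- Column level: only the listed columns of `members` are readable.
GRANT SELECT (member_id, display_name)
    ON library.members TO 'app_ro'@'10.0.0.%';

-- View alternative to per-column grants. With SQL SECURITY DEFINER the
-- view is evaluated with the privileges of the account that defined it,
-- so the caller needs SELECT on the view only, not on the base table.
CREATE SQL SECURITY DEFINER VIEW library.member_directory AS
    SELECT member_id, display_name
    FROM library.members;
GRANT SELECT ON library.member_directory TO 'app_ro'@'10.0.0.%';

-- Audit 1: everything the account holds, in GRANT syntax.
SHOW GRANTS FOR 'app_ro'@'10.0.0.%';

-- Audit 2: global privileges. Expect no rows; any row here means the
-- account can reach every schema on the server.
SELECT privilege_type
FROM information_schema.user_privileges
WHERE grantee = '''app_ro''@''10.0.0.%'''
  AND privilege_type <> 'USAGE';

-- Audit 3: table-level and column-level grants, for review against the
-- list of objects the application actually needs.
SELECT table_schema, table_name, NULL AS column_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = '''app_ro''@''10.0.0.%'''
UNION ALL
SELECT table_schema, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = '''app_ro''@''10.0.0.%''';
```

The column-level grant and the view cover the same two columns; in practice one of the two approaches is enough for a given table.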