Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #39934
| References | (5 earlier) <20130224153134.4cab73a958ac7d1af476ae3d@gmx.net> <CAPTjJmrw7DvmdL3K8GqqYG1aexDWavo_LHZXcVG=hF_zJa2mWw@mail.gmail.com> <kgevgi$n8g$1@ger.gmane.org> <CAPTjJmr-XN0yuqyraYYs1X19k=Yo5JvVq1sGPWgqMFJntZg+sA@mail.gmail.com> <hgsni8dcjo7ahk7gho028nq744au7iaghu@invalid.netcom.com> |
|---|---|
| Date | 2013-02-26 17:26 +1100 |
| Subject | Re: PyQT app accessible over network? |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2535.1361860012.2939.python-list@python.org> (permalink) |
On Tue, Feb 26, 2013 at 10:26 AM, Dennis Lee Bieber <wlfraed@ix.netcom.com> wrote: > On Mon, 25 Feb 2013 17:35:44 +1100, Chris Angelico <rosuav@gmail.com> > declaimed the following in gmane.comp.python.general: >> It may take a lot of work to get the permissions down to their >> absolute minimum, but one easy "half-way house" would be to create a >> read-only user - SELECT permission on everything, no other perms. Not >> applicable to all situations, but when it is, it's an easy way to >> manage the risk of compromise. >> > I think I'd recommend that even this read permission be limited to > the tables required by the application... Wouldn't want someone to > "accidentally" read the database user account tables, would we? Of course; once you have the concept of divided access levels, you can take it whereever you like. But some systems don't even HAVE "database user account tables" as such; look at this site: http://rosuav.com/1/ That's an old PHP-based site of mine, originally done in MySQL, now using PostgreSQL but not as yet moved off PHP. In index.php, the database connection has read-only access; there's a separate page that lets me log in using higher database credentials, and thus gain the power to add/edit entries. It's fine for the read-only user to have access to every table, because there's really only one table (not counting statistics). ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
PyQT app accessible over network? Monte Milanuk <memilanuk@gmail.com> - 2013-02-21 08:22 -0800
Re: PyQT app accessible over network? Wolfgang Keller <feliphil@gmx.net> - 2013-02-22 16:45 +0100
Re: PyQT app accessible over network? Monte Milanuk <memilanuk@gmail.com> - 2013-02-22 08:50 -0800
Re: PyQT app accessible over network? Wolfgang Keller <feliphil@gmx.net> - 2013-02-24 15:30 +0100
Re: PyQT app accessible over network? Alec Taylor <alec.taylor6@gmail.com> - 2013-02-23 03:57 +1100
Re: PyQT app accessible over network? Monte Milanuk <memilanuk@gmail.com> - 2013-02-22 13:49 -0800
Re: PyQT app accessible over network? Michael Torrie <torriem@gmail.com> - 2013-02-22 16:37 -0700
Re: PyQT app accessible over network? Wolfgang Keller <feliphil@gmx.net> - 2013-02-24 15:31 +0100
Re: PyQT app accessible over network? Chris Angelico <rosuav@gmail.com> - 2013-02-25 01:58 +1100
Re: PyQT app accessible over network? Frank Millman <frank@chagford.com> - 2013-02-25 08:14 +0200
Re: PyQT app accessible over network? Chris Angelico <rosuav@gmail.com> - 2013-02-25 17:35 +1100
Re: PyQT app accessible over network? Frank Millman <frank@chagford.com> - 2013-02-25 10:02 +0200
Re: PyQT app accessible over network? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-02-25 18:26 -0500
Re: PyQT app accessible over network? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-02-25 18:32 -0500
Re: PyQT app accessible over network? Chris Angelico <rosuav@gmail.com> - 2013-02-26 17:26 +1100
Re: PyQT app accessible over network? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-02-22 19:20 -0500
Re: PyQT app accessible over network? Chris Angelico <rosuav@gmail.com> - 2013-02-23 11:32 +1100
Re: PyQT app accessible over network? Alec Taylor <alec.taylor6@gmail.com> - 2013-02-24 20:00 +1100
csiph-web