On Aug 8, 9:49 am, Stephen Bunn <[EMAIL PROTECTED]> wrote:
> I know it obviously needs to be able to execute SELECT, UPDATE, and
> INSERT statements, but what about ALTER? SHOW? does it need to create
> views? create indexes? what about locking tables and creating temporary
> tables?

The true minimum permissions for your DB are not dependent entirely on Django -- what you plan to do with the particular application you build using Django is just as important.

Obviously, when you run syncdb to create tables from ORM, you are going to need to give the django user CREATE permission. Don't know if there are cases where it would use ALTER. Once the tables are created, you can revoke the user's CREATE, ALTER, and DROP perms.

All tables are going to need SELECT; so far as I know, none of them are going to need SHOW. Most tables will need INSERT, but not necessarily all -- suppose you have a table that is populated by a different app, and all Django does is consume the data. You may or may not need DELETE for any given table, again depending on how you plan to use it.

As with any serious security issue, there is no quick easy right answer. The safe bet is to always assume your setup is insecure, unless you have solid reason to believe otherwise.
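
The grant-then-revoke approach described in the message above, written out as an added example that is not part of the original thread. It assumes MySQL, an existing account 'django'@'localhost', a database named appdb, and three constructed table names; none of these come from the thread.

```sql
-- Added example, run as an administrative account. MySQL syntax is assumed.
-- Constructed names: database appdb, account 'django'@'localhost' (must
-- already exist), tables blog_entry, feed_import, audit_log.

-- Phase 1: before syncdb. Database-wide rights so the tables can be created.
-- Assumption: CREATE plus row access is enough for syncdb. The message is
-- unsure whether ALTER is ever used, so it is left out here and would be
-- granted only if syncdb reports a permission error.
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE
    ON appdb.* TO 'django'@'localhost';

-- ... run syncdb here ...

-- Phase 2: after the tables exist. Remove every database-wide privilege,
-- which takes CREATE (and ALTER/DROP, had they been granted) away in one step.
REVOKE ALL PRIVILEGES ON appdb.* FROM 'django'@'localhost';

-- Phase 3: grant back per table, only what the application does with it.

-- A table the application reads and writes freely.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON appdb.blog_entry TO 'django'@'localhost';

-- A table populated by a different app; Django only consumes the data.
GRANT SELECT
    ON appdb.feed_import TO 'django'@'localhost';

-- A table the application appends to but never edits or deletes from.
GRANT SELECT, INSERT
    ON appdb.audit_log TO 'django'@'localhost';

-- Check the result: no privilege should remain at the appdb.* level, and
-- each table should list only the privileges granted above.
SHOW GRANTS FOR 'django'@'localhost';
```

A table created later is not reachable by the django account until it gets its own GRANT, so every schema change repeats phases 1 to 3 for the new tables.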