Re: Restricting database permissions

2009-09-07 Thread Jason Beaudoin
On Mon, Sep 7, 2009 at 10:09 AM, Thomas Guettler wrote:

>
> I can speak only for postgres.
>
> We create the database with a special admin-account and
> the owner of the db is the admin-account. Then we grant
> insert, update, delete permissions to the django-db-user.
>
> We have a modified manage.py which lets syncdb run with
> the admin-account (interactive password prompt).
>
>
Sounds fantastic! Might you be interested in posting your work?

~ Jason

--
let's end our suffering, and let go of the debts we hold over the heads of
others.
let's rejoin our brethren in the garden of eden, once again living in
paradise.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---



Re: Restricting database permissions

2009-09-07 Thread sean

Hi Thomas,

Thank you for your suggestion.  The modified manage.py sounds like a
very good place for me to start.

Best regards,
Sean

On Mon, 2009-09-07 at 16:09 +0200, Thomas Guettler wrote:
> I can speak only for postgres.
> 
> We create the database with a special admin-account and
> the owner of the db is the admin-account. Then we grant
> insert, update, delete permissions to the django-db-user.
> 
> We have a modified manage.py which lets syncdb run with
> the admin-account (interactive password prompt).
> 
> It is possible, it is more secure, but makes some trouble.
> 
> sean schrieb:
> > Hi All,
> > 
> > I am currently working on a front end to pam-mysql and nss-mysql to
> > allow the creation of linux user accounts through the web.  
> > 
> > I need to separate out permissions so that Django can read some columns
> > and not others, for instance it should have no access to the password
> > column.  
> > 
> > I need another mysql user with its mysql password stored in a file
> > owned by root with permissions 700 to do the actual data modification -
> > so this part will need to be separate from the Django app, but called
> > from it via a passwordless sudo entry or something.
> > 
> > As Django can only connect to mysql with one user, what is the best way
> > to restrict its permissions to the ones I want it to be able to read?
> > Can this be done at a configuration file level so that upon running
> > syncdb, the permissions are in place?
> > 
> > Any pointers greatly appreciated.
> 





Re: Restricting database permissions

2009-09-07 Thread Thomas Guettler

I can speak only for postgres.

We create the database with a special admin-account and
the owner of the db is the admin-account. Then we grant
insert, update, delete permissions to the django-db-user.

We have a modified manage.py which lets syncdb run with
the admin-account (interactive password prompt).

It is possible, it is more secure, but makes some trouble.

sean schrieb:
> Hi All,
> 
> I am currently working on a front end to pam-mysql and nss-mysql to
> allow the creation of linux user accounts through the web.  
> 
> I need to separate out permissions so that Django can read some columns
> and not others, for instance it should have no access to the password
> column.  
> 
> I need another mysql user with its mysql password stored in a file
> owned by root with permissions 700 to do the actual data modification -
> so this part will need to be separate from the Django app, but called
> from it via a passwordless sudo entry or something.
> 
> As Django can only connect to mysql with one user, what is the best way
> to restrict its permissions to the ones I want it to be able to read?
> Can this be done at a configuration file level so that upon running
> syncdb, the permissions are in place?
> 
> Any pointers greatly appreciated.

-- 
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de
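
The owner/application split described in the message above, written out as PostgreSQL statements. This is an added example, not Thomas's actual setup: the role and database names (app_admin, django_app, appdb) and the passwords are constructed placeholders, and SELECT plus sequence access are added on the assumption that the application also has to read rows and insert into tables with serial keys.

```sql
-- Added example; app_admin, django_app, appdb and the passwords are
-- constructed placeholders, not values from the thread.

-- Step 1: as a PostgreSQL superuser, connected to any database.
CREATE ROLE app_admin  LOGIN PASSWORD 'CHANGE_ME_ADMIN';
CREATE ROLE django_app LOGIN PASSWORD 'CHANGE_ME_APP';
CREATE DATABASE appdb OWNER app_admin;
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO django_app;

-- Step 2: as a superuser, connected to appdb.
-- Only the admin account may create objects in the default schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CREATE, USAGE ON SCHEMA public TO app_admin;

-- Step 3: as app_admin, connected to appdb, before any tables exist.
-- Tables and sequences that app_admin creates later (for example when
-- the schema-creating management command runs under this account)
-- automatically become usable by the application role.
ALTER DEFAULT PRIVILEGES FOR ROLE app_admin IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO django_app;
ALTER DEFAULT PRIVILEGES FOR ROLE app_admin IN SCHEMA public
    GRANT USAGE, SELECT ON SEQUENCES TO django_app;

-- Step 4: as app_admin, for tables that already existed before step 3.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO django_app;
GRANT USAGE, SELECT
    ON ALL SEQUENCES IN SCHEMA public TO django_app;

-- Step 5: check what the application account can do at the schema and
-- database level, then list its table privileges.
SELECT has_schema_privilege('django_app', 'public', 'CREATE')  AS can_create_tables,
       has_database_privilege('django_app', 'appdb', 'CREATE') AS can_create_schemas;

SELECT table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'django_app'
ORDER BY table_name, privilege_type;
```

With this in place the application account cannot issue CREATE, ALTER or DROP, so schema-changing management commands have to be run with the admin account's credentials.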




Restricting database permissions

2009-09-07 Thread sean

Hi All,

I am currently working on a front end to pam-mysql and nss-mysql to
allow the creation of linux user accounts through the web.  

I need to separate out permissions so that Django can read some columns
and not others, for instance it should have no access to the password
column.  

I need another mysql user with its mysql password stored in a file
owned by root with permissions 700 to do the actual data modification -
so this part will need to be separate from the Django app, but called
from it via a passwordless sudo entry or something.

As Django can only connect to mysql with one user, what is the best way
to restrict its permissions to the ones I want it to be able to read?
Can this be done at a configuration file level so that upon running
syncdb, the permissions are in place?

Any pointers greatly appreciated.

Regards,
Sean
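
The column-level separation asked about above can be expressed with MySQL column privileges. This is an added example, not part of the original post: the database, table, column and account names (authdb, users, django_ro, acct_writer) and the passwords are constructed placeholders.

```sql
-- Added example; all names and passwords are constructed placeholders.
-- Run as a MySQL account that may create databases, users and grants.

CREATE DATABASE authdb;

CREATE TABLE authdb.users (
    id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(32)  NOT NULL UNIQUE,
    uid      INT UNSIGNED NOT NULL,
    gid      INT UNSIGNED NOT NULL,
    homedir  VARCHAR(255) NOT NULL,
    shell    VARCHAR(64)  NOT NULL,
    password VARCHAR(255) NOT NULL
);

-- Account used by the Django application: read-only, and only on the
-- columns listed. The password column is deliberately left out.
CREATE USER 'django_ro'@'localhost' IDENTIFIED BY 'CHANGE_ME_APP';
GRANT SELECT (id, username, uid, gid, homedir, shell)
    ON authdb.users TO 'django_ro'@'localhost';

-- Separate account for the privileged helper that modifies data.
-- It may insert and update rows, and read only the columns it needs
-- to locate the row it is changing.
CREATE USER 'acct_writer'@'localhost' IDENTIFIED BY 'CHANGE_ME_WRITER';
GRANT SELECT (id, username), INSERT, UPDATE
    ON authdb.users TO 'acct_writer'@'localhost';

-- Review the result: table-level and column-level grants per account.
SHOW GRANTS FOR 'django_ro'@'localhost';
SHOW GRANTS FOR 'acct_writer'@'localhost';

SELECT grantee, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'authdb'
ORDER BY grantee, column_name;
```

Any query from django_ro that names the password column is refused by the server, so the Django model for this table has to list only the readable columns (for example an unmanaged model that omits password).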



