Re: Restricting database permissions
On Mon, Sep 7, 2009 at 10:09 AM, Thomas Guettlerwrote: > > I can speak only for postgres. > > We create the database with a special admin-account and > the owner if the db is the admin-account. Then we grant > insert, update, delete permissions to the django-db-user. > > We have a modified manage.py which let syncdb run with > the admin-account (interactive password prompt). > > Sounds fantastic! Might you be interested in posting your work? ~ Jason -- let's end our suffering, and let go of the debts we hold over the heads of others. let's rejoin our brethren in the garden of eden, once again living in paradise. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Restricting database permissions
Hi Thomas, Thank you for your suggestion. The modified manage.py sounds like a very good place for me to start. Best regards, Sean On Mon, 2009-09-07 at 16:09 +0200, Thomas Guettler wrote: > I can speak only for postgres. > > We create the database with a special admin-account and > the owner if the db is the admin-account. Then we grant > insert, update, delete permissions to the django-db-user. > > We have a modified manage.py which let syncdb run with > the admin-account (interactive password prompt). > > It is possible, it is more secure, but makes some trouble. > > sean schrieb: > > Hi All, > > > > I am currently working on a front end to pam-mysql and nss-mysql to > > allow the creation of linux user accounts through the web. > > > > I need to separate out permissions so that Django can read some columns > > and not others, for instance it should have no access to the password > > column. > > > > I need another mysql user with it's mysql password stored in a file > > owned by root with permissions 700 to do the actual data modification - > > so this part will need to be separate from the Django app, but called > > from it via a passwordless sudo entry or something. > > > > As Django can only connect to mysql with one user, what is the best way > > to restrict it's permissions to the ones I want it to be able to read? > > Can this be done at a configuration file level so that upon running > > syncb, the permissions are in place? > > > > Any pointers greatly appreciated. > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Restricting database permissions
I can speak only for postgres. We create the database with a special admin-account and the owner if the db is the admin-account. Then we grant insert, update, delete permissions to the django-db-user. We have a modified manage.py which let syncdb run with the admin-account (interactive password prompt). It is possible, it is more secure, but makes some trouble. sean schrieb: > Hi All, > > I am currently working on a front end to pam-mysql and nss-mysql to > allow the creation of linux user accounts through the web. > > I need to separate out permissions so that Django can read some columns > and not others, for instance it should have no access to the password > column. > > I need another mysql user with it's mysql password stored in a file > owned by root with permissions 700 to do the actual data modification - > so this part will need to be separate from the Django app, but called > from it via a passwordless sudo entry or something. > > As Django can only connect to mysql with one user, what is the best way > to restrict it's permissions to the ones I want it to be able to read? > Can this be done at a configuration file level so that upon running > syncb, the permissions are in place? > > Any pointers greatly appreciated. -- Thomas Guettler, http://www.thomas-guettler.de/ E-Mail: guettli (*) thomas-guettler + de --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Restricting database permissions
Hi All, I am currently working on a front end to pam-mysql and nss-mysql to allow the creation of linux user accounts through the web. I need to separate out permissions so that Django can read some columns and not others, for instance it should have no access to the password column. I need another mysql user with it's mysql password stored in a file owned by root with permissions 700 to do the actual data modification - so this part will need to be separate from the Django app, but called from it via a passwordless sudo entry or something. As Django can only connect to mysql with one user, what is the best way to restrict it's permissions to the ones I want it to be able to read? Can this be done at a configuration file level so that upon running syncb, the permissions are in place? Any pointers greatly appreciated. Regards, Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---