Exactly. Too many people don't know about or use the power of having different users with different levels of access. I have a database user with read-only access for all functions that are query only, a different user for updates and deletes of table data, and yet another user for admin tasks like creating or deleting database objects. It requires using different data sources, but that's not a difficult programming chore.

On Sun, Aug 28, 2011 at 6:13 AM, andy matthews <[email protected]> wrote:
>
> You don't need root access to MySQL at all. Just create a new API user that
> has the proper permissions. Better yet, create a stored procedure that gets
> called that does all of the appropriate tasks and let this user call that
> proc. Then, under the hood, the proc runs as Admin to do the various tasks.
>
> andy
>
> -----Original Message-----
> From: Richard White [mailto:[email protected]]
> Sent: Sunday, August 28, 2011 5:48 AM
> To: cf-talk
> Subject: Management API?
>
> Hi,
> I am creating a management API to manage my clients' software.
>
> The benefit is that at a click of it will set up or delete the clients'
> databases etc...
>
> What do you guys think of the security of this, as I am presuming this would
> need to have root access into MySQL as it needs to have the ability to
> create and delete databases, set grants etc...
>
> Is it wrong from a security point of view to have a CF data source that
> accesses the root user in MySQL?
>
> Thanks

