Hi again,
I found a trick that works for my use case. I just don't execute if
it's not a SELECT request. I do the test like so:
def execute(self):
if self.sql.split()[0].lower() != 'select':
return 'You can only execute SELECT queries.'
....
On Feb 3, 9:29 pm, Julien <[EMAIL PROTECTED]> wrote:
> Thanks James,
>
> I thought about that, but how could I use that read-only user just in
> that Query.execute() function?
>
> Cheers,
>
> Julien
>
> On Feb 3, 9:11 pm, "James Bennett" <[EMAIL PROTECTED]> wrote:
>
> > On Feb 3, 2008 4:00 AM, Julien <[EMAIL PROTECTED]> wrote:
>
> > > What should I change to force the read-only access?
>
> > Create a new database-level user, and grant that user SELECT but
> > nothing else. Then fill in those credentials in the settings file used
> > by the site. You can always set up a read/write "real" administrative
> > area for yourself with a different settings file and different
> > database credentials.
>
> > --
> > "Bureaucrat Conrad, you are technically correct -- the best kind of
> > correct."
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
