Adam Alkins writes:
 > Sounds like you just want to GRANT access to specific tables (and with
 > limited commands), which is exactly what MySQL's privilege system does.

How about this part?
 > > Finally, suppose I want to limit access to the table to the rows
 > > where col1=value1.  If I just add that to <wherespec> what can an
 > > attacker do to read other rows?

The http request I have in mind will be something like
 https://server.foo.com?user=john&password=wxyz&...
and the resulting query something like
 select ... from table where user=john and ...
(I will first have verified the password.)

It seems I'd have to create a separate mysql user for each user in
my table, and perhaps also a separate table (or view?) for
that user to be allowed to read.
I suppose the php process could create the table/view, create the
user, then connect as the user to execute the query, then remove the
user.

Even if this turns out to be the best solution, I'm interested in
the answer to the original question.


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org
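
An added example, not part of the original message, for the question of what appending a caller-supplied `<wherespec>` after the row filter permits, next to a form that keeps the filter fixed. Python's sqlite3 stands in for PHP and MySQL here; the `records` table, its columns, the sample rows and all function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (user TEXT, item TEXT, qty INTEGER)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)", [
        ("john", "apples", 3), ("john", "pears", 7),
        ("mary", "plums", 5), ("mary", "apples", 9),
    ])
    return db

def naive_query(db, user, wherespec):
    # Pattern from the post: caller-supplied SQL text appended after the
    # row filter. AND binds tighter than OR, so text containing OR is
    # evaluated outside the "user = ..." restriction.
    sql = ("SELECT user, item, qty FROM records "
           "WHERE user = '%s' AND %s" % (user, wherespec))
    return db.execute(sql).fetchall()

ALLOWED_COLUMNS = {"item", "qty"}   # "user" is deliberately not filterable
ALLOWED_OPS = {"=", "<>", "<", ">", "<=", ">="}

def restricted_query(db, user, filters):
    # filters is a list of (column, operator, value) tuples instead of
    # SQL text. Only allowlisted identifiers and operators reach the
    # statement; every value, including the row owner, is bound.
    clauses, params = ["user = ?"], [user]
    for column, op, value in filters:
        if column not in ALLOWED_COLUMNS or op not in ALLOWED_OPS:
            raise ValueError("filter not permitted: %r %r" % (column, op))
        clauses.append("%s %s ?" % (column, op))
        params.append(value)
    sql = ("SELECT user, item, qty FROM records WHERE "
           + " AND ".join(clauses))
    return db.execute(sql, params).fetchall()

def owners(rows):
    # Distinct row owners in a result set, for checking the restriction.
    return sorted({row[0] for row in rows})

if __name__ == "__main__":
    db = make_db()
    print(owners(naive_query(db, "john", "qty > 100 OR qty > 0")))
    print(owners(restricted_query(db, "john", [("qty", ">", 0)])))
```

The same fixed filter can also be enforced on the database side with the per-user view and GRANT approach discussed in the thread.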
