Thank you very much. Makes sense. ----- Original Message ----- From: "Curtis Maurand" <[EMAIL PROTECTED]> To: "Mulugeta Maru" <[EMAIL PROTECTED]> Cc: "Mike Johnson" <[EMAIL PROTECTED]>; "MySQL" <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 1:17 PM Subject: Re: Security
> > Usernames, passwords, and then perform the queries select ... where > customerid = "<the variable name you feed>" Its all handled by your app. > > Curtis > > On Wed, 10 Mar 2004, Mulugeta Maru wrote: > > > Hi Mike, > > > > I am sorry for the confusion I might have caused. May be it would help to > > give a clear example. > > > > Table - Customers (CustomerID, CustomerName, Address, etc) > > > > Table - Transaction(TransactionID,CustomerID,Date,Amount) > > > > Note: CustomerID in Customer Table is a Primary Key. TransactionID is a > > Primary Key and CustomerID is a Foreign Key in Transaction Table). > > > > Question: How would I be able to give my customers access to the database so > > that they can update the customer table (for example address change) and add > > transactions to the transaction table. What I do not want to happen is that > > customer A is able to modify customer B's record. > > In short how would you restrict customer a to see transactions that pertain > > to him/her. > > > > Many thanks. > > ----- Original Message ----- > > From: "Mike Johnson" <[EMAIL PROTECTED]> > > To: "MySQL" <[EMAIL PROTECTED]> > > Sent: Wednesday, March 10, 2004 4:55 PM > > Subject: RE: Security > > > > > > > From: Maru, Mulugeta [mailto:[EMAIL PROTECTED] > > > > > > > When I go online to access my bank account I only see > > > > transactions pertain to my account only. I think when ever I > > > > make a transaction the database records my account number in > > > > the transaction table. When I log-in using my account number > > > > and password the system checks whether it is correct or not > > > > and run another query to get all transaction that match my > > > > account number. > > > > > > > > Do I make sense? > > > > > > > > > (sent offlist by mistake, please excuse the dupe) > > > > > > The point being made is that you're looking at your bank account > > information in a client that is set to read records only pertaining to your > > account. > > > > > > The native mysql client is not such a program and was never intended to > > be. While you can customize access for users to certain databases or certain > > tables within those databases, it's simply not built as a multi-user > > transactional client for limiting access to data in commonly-used tables. > > > > > > It begs the question why you're giving your clients access to the native > > mysql client itself rather than developing an application to do this, in > > which you could quite easily limit such access. > > > > > > > > > -- > > > Mike Johnson > > > Web Developer > > > Smarter Living, Inc. > > > phone (617) 886-5539 > > > > > > -- > > > MySQL General Mailing List > > > For list archives: http://lists.mysql.com/mysql > > > To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] > > > > > > > > > > > > > > -- > -- > Curtis Maurand > mailto:[EMAIL PROTECTED] > http://www.maurand.com > > > -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
