I do know why need row by row security, that seems too much. How about use View?
regards, anru On Jul 28, 2009, at 12:46 PM, Jochen Daum wrote: > Hi, > > To increase security in a proposed application, I'm considering > mirroring the PHP based access rights in MySQL. The example I have > here is something like an account manager and their supervisor. > > Account manager would have access rights to his customer records, > both checked through PHP and MySQL by-row grant access. > Supervisor would have the same access rights and also to his other > account managers, both checked through PHP and MySQL by-row grant > access. > > What is everyone's opinion if this is a significant increase in > security against the wrong account managers seeing customer > information? Has anyone worked with rows based security on MySQL or > possibly on Postgres? > > Speed is likely not a problem in this application, I would > appreciate if it was ignored in this discussion. > > > Kind Regards, > > Jochen Daum > > Chief Automation Officer > Automatem Ltd > > Phone: 09 630 3425 > Mobile: 021 567 853 > Email: [email protected] > Skype: jochendaum > Website: www.automatem.co.nz > http://twitter.com/automatem > http://www.xing.com/go/invite/3425509.181107 > > > --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
