Afternoon Jochen,
This is a concept that I have grown to love over the last few months. Using PostgreSQL, I define all the data tables under the public schema and then provide access to the application(s) through their own schemas which contain views specific to the requirements of the application. I use a stored procedure for authenticating a user (an application user, not a database user) and then the rules in the views use this, along with some ACL tables, to distinguish what that user can see, and what they can create/return/update/delete.

I guess it comes down to personal preference, but I like putting all the business logic at a database level and the PHP GUI front end is simply that - a front end.

Thanks,
Nathan.
http://www.kennedytechnology.com
Telerobotics project: http://control.kennedytechnology.com

From: [email protected] [mailto:[email protected]] On Behalf Of Jochen Daum
Sent: Tuesday, 28 July 2009 12:46 p.m.
To: PHPUG
Subject: [phpug] Increase security by mirroring business logic access rights in MySQL

Hi,

To increase security in a proposed application, I'm considering mirroring the PHP based access rights in MySQL.

The example I have here is something like an account manager and their supervisor. Account manager would have access rights to his customer records, both checked through PHP and MySQL by-row grant access. Supervisor would have the same access rights and also to his other account managers, both checked through PHP and MySQL by-row grant access.

What is everyone's opinion if this is a significant increase in security against the wrong account managers seeing customer information? Has anyone worked with rows based security on MySQL or possibly on Postgres?

Speed is likely not a problem in this application, I would appreciate if it was ignored in this discussion.

Kind Regards,
Jochen Daum
Chief Automation Officer
Automatem Ltd
Phone: 09 630 3425
Mobile: 021 567 853
Email: [email protected]
Skype: jochendaum
Website: www.automatem.co.nz
http://twitter.com/automatem
http://www.xing.com/go/invite/3425509.181107

NZ PHP Users Group: http://groups.google.com/group/nzphpug
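
The layout described in the reply (base tables in public, a per-application schema of views, a stored procedure that authenticates the application user), applied to the account manager/supervisor case from the original question. This is an added example, not code from either poster: every role, schema, table and function name is an assumption, as are the use of pgcrypto for password hashes and of a table keyed by backend PID to carry the authenticated user. It also assumes PHP calls authenticate() at the start of every request.

```sql
-- PostgreSQL 9.4+ assumed; every object name below is illustrative.
CREATE EXTENSION IF NOT EXISTS pgcrypto;     -- provides crypt()
CREATE ROLE webapp LOGIN;                    -- the only role PHP connects as
CREATE SCHEMA crm_app;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;  -- nothing may shadow objects used below
-- Base tables stay in public; webapp is never granted anything on them.
CREATE TABLE public.app_user (
    user_id    integer PRIMARY KEY,
    login      text NOT NULL UNIQUE,
    pw_hash    text NOT NULL,                      -- crypt() output
    supervisor integer REFERENCES public.app_user  -- ACL: who oversees whom
);
CREATE TABLE public.customer (
    customer_id integer PRIMARY KEY,
    name        text NOT NULL,
    manager_id  integer NOT NULL REFERENCES public.app_user
);
CREATE TABLE public.app_session (            -- written only by authenticate()
    backend_pid integer PRIMARY KEY,
    user_id     integer NOT NULL REFERENCES public.app_user);

-- Called by PHP at the start of every request. A failed login also clears
-- whatever an earlier user of this backend PID left behind.
CREATE FUNCTION crm_app.authenticate(p_login text, p_password text)
RETURNS boolean LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp AS $$
DECLARE v_id integer;
BEGIN
    DELETE FROM app_session WHERE backend_pid = pg_backend_pid();
    SELECT user_id INTO v_id FROM app_user
     WHERE login = p_login AND pw_hash = crypt(p_password, pw_hash);
    IF v_id IS NULL THEN RETURN false; END IF;
    INSERT INTO app_session VALUES (pg_backend_pid(), v_id);
    RETURN true;
END $$;

CREATE FUNCTION crm_app.current_app_user() RETURNS integer
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public, pg_temp AS $$
    SELECT user_id FROM app_session WHERE backend_pid = pg_backend_pid()
$$;

-- Own customers plus those of supervised managers. CHECK OPTION stops a
-- write from moving a row to a manager the caller cannot see.
CREATE VIEW crm_app.customer WITH (security_barrier) AS
SELECT c.customer_id, c.name, c.manager_id FROM public.customer c
 WHERE c.manager_id = crm_app.current_app_user()
    OR c.manager_id IN (SELECT u.user_id FROM public.app_user u
                         WHERE u.supervisor = crm_app.current_app_user())
WITH CHECK OPTION;
GRANT USAGE ON SCHEMA crm_app TO webapp;
GRANT SELECT, INSERT, UPDATE, DELETE ON crm_app.customer TO webapp;
```

Because webapp holds no privileges on the public tables and cannot write app_session, a flaw in the PHP access checks, or SQL run through the PHP connection, still sees only the rows the view exposes for the authenticated application user.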
