On 8 April 2015 at 04:10, Frank2016 <[email protected]> wrote:
> Hi,
> I am a beginner for Rails. I just studied the GUIDE and did some exercises
> (https://www.railstutorial.org/book). However I have one concern. Rails uses
> ONE ID (usually is ROOT) to do everything on database, such as DB migration,
> application accesses database, etc.

It should certainly not be root. That is entirely up to you to specify.

> This architecture raises a security
> concern, especially the cyber attack is happening so often nowadays.
> Although RAILS has strong parameters feature but once a hacker is hacking
> into database, hacker has total control on the database. Is there a way to use one
> ID for database migration (i.e. database schema owner) and another ID for
> application access (to database)? The ID for application to access database
> should have limited privileges.
>
> Does anyone know a way to implement one ID to do the database migration and
> another ID to access database? Sharing your solution will be appreciated.

I think once a hacker has any write access to the database you are doomed anyway. The user name should only allow him access to the one database.

Colin
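
The two-account split asked about in this thread, as an added example that is not part of the original messages: one account that owns schema changes and one data-only account for the running application, both scoped to a single database. MySQL syntax is assumed (the thread does not name the database server), and the database name, account names, host and passwords are placeholders.

```sql
-- Added example, MySQL syntax assumed. All names and passwords are placeholders.

-- Migration account: used only while running migrations.
-- It needs DDL rights plus DML, because the migration task also reads and
-- writes the schema_migrations bookkeeping table.
CREATE USER 'myapp_migrate'@'localhost' IDENTIFIED BY 'CHANGE_ME_MIGRATE';
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, DROP, INDEX, REFERENCES
  ON myapp_production.* TO 'myapp_migrate'@'localhost';

-- Runtime account: the one the application connects with.
-- Data access only; it cannot create, alter or drop tables.
CREATE USER 'myapp_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_APP';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON myapp_production.* TO 'myapp_app'@'localhost';

-- Review the result. Neither account should hold any privilege ON *.*
-- beyond USAGE, and neither should have access to another database.
SHOW GRANTS FOR 'myapp_migrate'@'localhost';
SHOW GRANTS FOR 'myapp_app'@'localhost';
```

Set `username` in `config/database.yml` to the runtime account, and supply the migration account's credentials only for the migration run, for example through the `DATABASE_URL` environment variable, which Rails reads in preference to the file.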

