On Apr 9, 10:57 pm, Phoenix Rising <[email protected]> wrote:
> I'm writing a customer-facing application that's responsible for
> obtaining extremely sensitive data, much to my dismay and despite my
> vehement protests. Long story short, to stay in compliance with
> various policies, and because I'm insanely paranoid, I'll need to
> capture this user data and write it into a SECOND database as a user
> who has ONLY the "insert" privilege.
>
Have you looked at the masochism plugin ? It allows you to split reads
and writes to two different db servers. The intent is to deal with the
pattern where you write to the database master and from the slave(s),
but it might also be useful in your case.
Fred
> Database 1: Contains application data (inventory, e-commerce based
> stuff, etc.) - Primary Rails Application DB
> Database 2: Rails app connects as a user with only one privilege:
> insert.
>
> I whipped up a quick test using MySQL and Rails 2.2.2 (I haven't
> upgraded yet, but I will when this project is finished). I created a
> simple "users" table manually without an AR Migration, and then fired
> up script/console and executed "@u = User.new". It complained that
> the SELECT privilege was denied (which is the point).
>
> Obviously it needs SELECT to find out which fields - or methods - to
> assign to the User model (in this case). Is there any way I can
> achieve basic AR functionality (AR.save and AR.new, as well as
> AR.some_method = value) without giving this user SELECT privileges?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
