Re: Management API?

2011-08-28 Thread Russ Michaels

This is how all hosting control panels work, and tools like phpMyAdmin, so
it is quite normal.
Obviously you would need to make sure that the API itself is secure and
password protected.


On Sun, Aug 28, 2011 at 11:48 AM, Richard White rich...@j7is.co.uk wrote:


> Hi,
> I am creating a management API to manage my clients' software.
>
> The benefit is that at a click of it will set up or delete the clients'
> databases etc...
>
> What do you guys think of the security of this, as I am presuming this would
> need to have root access into MySQL as it needs to have the ability to
> create and delete databases, set grants etc...
>
> Is it wrong from a security point of view to have a CF data source that
> accesses the root user in MySQL?
>
> Thanks

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347059
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Re: Management API?

2011-08-28 Thread Richard White

thanks Russ :)

> This is how all hosting control panels work, and tools like phpMyAdmin, so
> it is quite normal.
> Obviously you would need to make sure that the API itself is secure and
> password protected.




 



RE: Management API?

2011-08-28 Thread andy matthews

You don't need root access to MySQL at all. Just create a new API user that
has the proper permissions. Better yet, create a stored procedure that gets
called that does all of the appropriate tasks and let this user call that
proc. Then, under the hood, the proc runs as Admin to do the various tasks.



andy 

-Original Message-
From: Richard White [mailto:rich...@j7is.co.uk] 
Sent: Sunday, August 28, 2011 5:48 AM
To: cf-talk
Subject: Management API?


Hi,
I am creating a management API to manage my clients' software.

The benefit is that at a click of it will set up or delete the clients'
databases etc...

What do you guys think of the security of this, as I am presuming this would
need to have root access into MySQL as it needs to have the ability to
create and delete databases, set grants etc...

Is it wrong from a security point of view to have a CF data source that
accesses the root user in MySQL?

Thanks





Re: Management API?

2011-08-28 Thread Maureen

Exactly. Too many people don't know about or use the power of having
different users with different levels of access. I have a database
user with read-only access for all functions that are query only, a
different user for updates and deletes of table data, and yet another
user for admin tasks like creating or deleting database objects. It
requires using different data sources, but that's not a difficult
programming chore.

On Sun, Aug 28, 2011 at 6:13 AM, andy matthews li...@commadelimited.com wrote:

> You don't need root access to MySQL at all. Just create a new API user that
> has the proper permissions. Better yet, create a stored procedure that gets
> called that does all of the appropriate tasks and let this user call that
> proc. Then, under the hood, the proc runs as Admin to do the various tasks.
>
> andy
>
> -Original Message-
> From: Richard White [mailto:rich...@j7is.co.uk]
> Sent: Sunday, August 28, 2011 5:48 AM
> To: cf-talk
> Subject: Management API?
>
> Hi,
> I am creating a management API to manage my clients' software.
>
> The benefit is that at a click of it will set up or delete the clients'
> databases etc...
>
> What do you guys think of the security of this, as I am presuming this would
> need to have root access into MySQL as it needs to have the ability to
> create and delete databases, set grants etc...
>
> Is it wrong from a security point of view to have a CF data source that
> accesses the root user in MySQL?
>
> Thanks



 

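
The two suggestions in the replies above (separate accounts per access level, and a stored procedure that does the privileged work on behalf of a low-privilege API user), sketched as an added example that is not code from any poster in this thread. It assumes MySQL 5.7 or later; the account names, the `mgmt` and `clientapp` schemas, the `client_` prefix and the passwords are all hypothetical placeholders.

```sql
-- Added example for MySQL 5.7+; every name and password here is a placeholder.
-- Run once as a MySQL administrator from the mysql client.
CREATE DATABASE IF NOT EXISTS mgmt;

-- One account per access level, each behind its own CF data source.
CREATE USER 'app_read'@'localhost'  IDENTIFIED BY 'CHANGE_ME_1';
CREATE USER 'app_write'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT ON clientapp.* TO 'app_read'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON clientapp.* TO 'app_write'@'localhost';

-- Definer account: may only create databases named client_*. ACCOUNT LOCK
-- blocks logins but does not stop routines defined under it from running.
CREATE USER 'provisioner'@'localhost' IDENTIFIED BY 'CHANGE_ME_3' ACCOUNT LOCK;
GRANT CREATE ON `client\_%`.* TO 'provisioner'@'localhost';

DELIMITER //
CREATE DEFINER = 'provisioner'@'localhost'
PROCEDURE mgmt.create_client_db(IN p_client VARCHAR(32) CHARACTER SET ascii)
SQL SECURITY DEFINER
BEGIN
  -- Identifiers cannot be bound as parameters, so allow-list the name
  -- before concatenating it into dynamic DDL.
  IF p_client IS NULL OR p_client NOT REGEXP '^[a-z0-9]{1,32}$' THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid client name';
  END IF;
  SET @ddl = CONCAT('CREATE DATABASE `client_', p_client, '`');
  PREPARE stmt FROM @ddl;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//
DELIMITER ;

-- The definer needs EXECUTE too when the routine runs in definer context.
GRANT EXECUTE ON PROCEDURE mgmt.create_client_db TO 'provisioner'@'localhost';

-- The management API's data source: no CREATE, DROP or GRANT of its own.
CREATE USER 'mgmt_api'@'localhost' IDENTIFIED BY 'CHANGE_ME_4';
GRANT EXECUTE ON PROCEDURE mgmt.create_client_db TO 'mgmt_api'@'localhost';

-- Usage from the API data source: CALL mgmt.create_client_db('acme');
```

If the management API's credentials leak, the holder can call this one procedure with a validated name and nothing else; a delete or grant procedure would follow the same pattern with its own narrowly scoped privilege on the definer account.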