On Feb 6, 2008 1:43 AM, koenb <[EMAIL PROTECTED]> wrote:
> You could take a look at the multidb branch (specifically check out
> ticket #4747). It is a bit behind on trunk, but the basics should
> work. It allows you to define multiple connections, so you should be
> able to connect to the same
You could take a look at the multidb branch (specifically check out
ticket #4747). It is a bit behind on trunk, but the basics should
work. It allows you to define multiple connections, so you should be
able to connect to the same db using different users.
Koen
On 5 feb, 23:47, Julien <[EMAIL
Thanks guys for the suggestions.
However, what I'd like to have is that the site runs as per usual with
a root user (with all priviledges), and that only one particular apps
runs with a read-only user. Do I have to create a new connection
object within my app code to override Django's, is it
On 4 Feb 2008, at 1:59 am, Julien wrote:
> I totally understand what you suggest, having a RO user at the
> database (in this case MySQL) level.
> But I am fairly new to Django and Python, and I am unsure how to
> implement that dual-setting option.
In the devlopment server you can do
On Feb 3, 2008 7:59 PM, Julien <[EMAIL PROTECTED]> wrote:
> Could you please indicate how to do this?
Once again, either:
1. Set up a second Django settings file, fill in the read-only user
there, and use that settings file for the site that your clients use.
2. Write your custom query method
Oops! Didn't think of that!
Thanks, guys, for spotting the mistake.
I totally understand what you suggest, having a RO user at the
database (in this case MySQL) level.
But I am fairly new to Django and Python, and I am unsure how to
implement that dual-setting option.
I was thinking, maybe
> I found a trick that works for my use case. I just don't execute if
> it's not a SELECT request. I do the test like so:
>
> def execute(self):
> if self.sql.split()[0].lower() != 'select':
> return 'You can only execute SELECT queries.'
>
So the user puts
On Feb 3, 2008 6:37 AM, Julien <[EMAIL PROTECTED]> wrote:
> I found a trick that works for my use case. I just don't execute if
> it's not a SELECT request. I do the test like so:
Things your filter doesn't catch:
* PostgreSQL's table-creating SELECT INTO statement.
* Any "query" which consists
Hi again,
I found a trick that works for my use case. I just don't execute if
it's not a SELECT request. I do the test like so:
def execute(self):
if self.sql.split()[0].lower() != 'select':
return 'You can only execute SELECT queries.'
On Feb 3, 9:29 pm,
Thanks James,
I thought about that, but how could I use that read-only user just in
that Query.execute() function?
Cheers,
Julien
On Feb 3, 9:11 pm, "James Bennett" <[EMAIL PROTECTED]> wrote:
> On Feb 3, 2008 4:00 AM, Julien <[EMAIL PROTECTED]> wrote:
>
> > What should I change to force the
On Feb 3, 2008 4:00 AM, Julien <[EMAIL PROTECTED]> wrote:
> What should I change to force the read-only access?
Create a new database-level user, and grant that user SELECT but
nothing else. Then fill in those credentials in the settings file used
by the site. You can always set up a read/write
Hello there,
Is it possible to force database access to be read-only when executing
custom SQL?
I want to make a simple admin application that lets my clients execute
some SQL code (only "SELECT" queries, so they can pull out some data
when they need). I don't want them to mess up the database
12 matches
Mail list logo
