Ah, it wasn't clear from that page (I did read it), that :read_only was a 
pre-built already designed construct.  I thought it was just an example 
name for a server.

If I am understanding your reply, you are implying that by default 
everything uses "write", and then the sequel gem automatically uses 
":read_only" connection/server if it exists for all SELECT queries?

*I changed my connection to the below and it appears to work* (I tested by 
revoking permissions for all tables but 1):

read_options = { user: config.reader.username,
                  password: config.reader.password,
                  compress: config.compress,
                  max_connection: config.max_connections }

options = { user: config.writer.username,
            password: config.writer.password,
            compress: config.compress,
            max_connection: config.max_connections,
            servers: { read_only: read_options } }

Sequel.default_timezone = :utc

connector.connect(config.reader.connection_string, options)



Does this really add a security benefit?  It feels like an auto switch by 
type of call, instead of a white-list of connection type based on intended 
call.  Meaning, if I'm doing a select (.all, .first), and I accidentally left 
something open for SQL injection or some other vulnerability, I don't want 
the sequel gem to magically just use the "Write" connection.  Or is this a 
moot point and I've over-worried?  *How would I make sure that intended 
connection type is being used?*

Thank you for the quick replies btw,
Jeremy Swartwood



On Tuesday, October 27, 2015 at 5:17:19 PM UTC-8, Jeremy Evans wrote:
>
>
> Sequel has built-in support for a :read_only shard, which read-only 
> queries are sent to by default: 
> http://sequel.jeremyevans.net/rdoc/files/doc/sharding_rdoc.html
>
> So assuming you use the correct :servers option when setting up your 
> database connection, things should just work automatically.
>
> Thanks,
> Jeremy
>
