At 1:34 AM -0700 11/16/05, [EMAIL PROTECTED] wrote:
uSQLite does not (generally) enter into the details of the query it is
passed. There is however an exception for security. uSQLite requires a
login and (depending on the user and network) assigns the user a level:
0: No access
1: Select only
2: Update/Insert only
3: Select/Update/Insert only
4: Power user
Maybe your list wasn't complete, but I notice that 'Delete' is
conspicuously absent, yet it is necessary to do many common tasks.
And before you say that it was left out from all but Power User
because of its possible destructiveness, I would say that Update is
just as destructive; an Update can blow away anything a Delete can,
if you say "update ... set foo = 0" for all fields and rows.
I suggest that levels like this make more sense from a security standpoint:
0: No access
1: Select only (read-only)
2: Insert only (non-destructive drop-box)
3: Select/Insert only (fully non-destructive read and write)
4: Select/Insert/Update/Delete only (full read-write data, no ddl)
5: Power User
-- Darren Duncan
