Dennis Gearon wrote: > So it involves preventing the PHP module from using files that the > initial user of the executing PHP file doesn't have permission for, that > probably DOES have to be in mod-midgard, unless the files were ALL > encrypted and the user needed the code word for each role to unecrypt > it. SLOW. OTOH, if it were done in ORACLE, then each user would have the > user permissions of their ORACLE account, sub/account and thaat could > block it. I wonder what the permission scheme of MySQL is by comparison. > > Instead of making the server do the permissions, make the database do > it!
Yep, I've been thinking about that too. Unfortunately, MySQL implements user permissions by a single, dedicated mysql database, so in order to give a host manager the proper priveleges to manage users, you'd have to give him modify access to the MySQL permissions database. I don't think you want to go there. Plus, having the database regulate access doesn't solve everything. MySQL, for example, only has table-level access controls, whereas in Midgard we want to do row-level access control. Emile --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
