
I have a table with usernames and passwords named 'credentials' and a 'role' table holding the roles of the organization. I want to grant permissions on that schema depending on the roles present in the 'role' table of that schema.

What do I need to do?

Srinath Murugula
  • Programmatically grant a user rights on a table, based on data from another table. Note you must hold a "superuser" to act as a giver / taker for these cases. Check out: http://stackoverflow.com/questions/9780637/how-can-i-restrict-a-mysql-user-to-a-particular-tables – Li3ro Mar 16 '16 at 13:36
  • Programmatically... does that mean by using the application? – Srinath Murugula Mar 16 '16 at 14:27
  • Yes, I think you need an application on top of your db in order to do that. – Li3ro Mar 16 '16 at 14:55

1 Answer

Do not let anyone or any application have write or even read access to the mysql database. Exception: the Admin, who preferably has access only from localhost.

This implies GRANT ... ON dbname.* TO ... is the most that you give to non-admins. (Where dbname is not mysql.)

If the application (especially a web application) gets compromised, the hacker can see whatever data that it was GRANTed. If that includes mysql, then he can fish around for the root password and do other nasties.

I have seen such a security flaw come in via a web page, and get the unix password file!

local_infile = ON is also a security hole waiting to be exploited. Turning it off puts a crimp in certain load mechanisms, but it is worth it for an exposed web site.

Rick James
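
An added example (not part of the answer above and not MySQL's own tooling): a Python check that reads `SHOW GRANTS` output and flags accounts whose grants reach the `mysql` schema, including through `*.*` or a wildcard database pattern such as `my%`. The account names, hosts and the `admins` parameter are assumptions made for illustration.

```python
import re

# One line of SHOW GRANTS output. MySQL 5.7 quotes accounts with ', 8.0 with `.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>\*|`[^`]+`)\.(?P<obj>\*|`[^`]+`)"
    r"\s+TO\s+[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`']",
    re.IGNORECASE,
)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def db_pattern_covers(pattern, schema="mysql"):
    """True if a database-level GRANT pattern (% and _ are wildcards) matches schema."""
    if pattern == "*":
        return True
    def translate(m):  # \_ and \% are literals; bare % and _ are wildcards
        tok = m.group(0)
        return ".*" if tok == "%" else "." if tok == "_" else re.escape(tok[-1])
    regex = re.sub(r"\\.|.", translate, pattern, flags=re.S)
    return re.fullmatch(regex, schema, re.IGNORECASE) is not None

def audit_grants(lines, admins=("root",)):
    """Return (account, reason) for each grant that exposes the mysql schema."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m or m["privs"].strip().upper() == "USAGE":
            continue  # USAGE grants nothing; role and PROXY lines do not match
        db = m["db"].strip("`")
        # Wildcards apply only to database-level grants (db.*), not db.table.
        covers = db_pattern_covers(db) if m["obj"] == "*" else db.lower() == "mysql"
        if not covers:
            continue
        account = f"{m['user']}@{m['host']}"
        if m["user"] not in admins:
            findings.append((account, "non-admin can reach the mysql schema"))
        elif m["host"] not in LOCAL_HOSTS:
            findings.append((account, "admin account usable from a non-local host"))
    return findings

# Constructed SHOW GRANTS lines for illustration, not taken from a real server.
SAMPLE = [
    "GRANT USAGE ON *.* TO `webapp`@`10.0.0.5`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `appdb`.* TO `webapp`@`10.0.0.5`",
    "GRANT SELECT ON `my%`.* TO 'report'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`%`",
]
```

Feed it the lines returned by `SHOW GRANTS FOR` each account; an empty result means no listed grant touches the `mysql` schema outside a local admin.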