0

In one of my codebases, I have a table with sensitive user information. Some users might want to alter this user information using their usual username and password -- no external authenticator needed. Some users might only want to alter this user information using a Google authenticator app. Some users might only want to alter this information by means of text message. Still others might want to use a private key signature to alter this sensitive information. And lastly, I have a custom security challenge I'd like to give users the option to provide. Consider this to be a frequent thing that users do when browsing the site.

Is there any way that I can easily have a mysql trigger a sort of security pop-up with the required challenge every time certain users want to modify this information? It is the part about having a mysql trigger communicate back to laravel that is giving me trouble. I know that I could go through each function that modifies this table and input the pop-up script manually, but since there are numerous developers working on this codebase, it might be safer to have this as the lowest level possible.

I was just wondering if there was a way for a mysql trigger to "pause" and wait for some type of verification before executing the command, without destroying everything else about the database.

nick carraway
  • 212
  • 2
  • 15
  • You should be doing this at application level instead of database level. – Chetan Oct 25 '18 at 13:23
  • i figured this would be a stupid question as written because of course mysql databases will get clogged pausing connections like that and waiting for verification. But i am also open to outside the box ideas – nick carraway Oct 25 '18 at 13:32
  • This basically require you to create an application where user first need to login using one of the authentication mechanisms you mentioned. After login user can see the data and change the data. You also can control which user can only see the data and which user can change the data. All this via application code. – Chetan Oct 25 '18 at 13:40
  • Unfortunately that is not sufficient for a decentralized application. For the application to be decentralized signatures are needed that constitute every data change, where the authentication is held entirely by the user – nick carraway Oct 25 '18 at 14:08
  • I may try this: Set up a mysql trigger to create an HTTP request to the laravel application. Use some websockets or other magic to display a pop-up to the user. Wait for response from HTTP request / coming back from the user. Cancel trigger if it doesn't reply within ~30 seconds. – nick carraway Oct 25 '18 at 14:12
  • Relevant 1: https://stackoverflow.com/questions/16195894/call-external-script-with-mysql-trigger-whitout-sys-exec-on-ubuntu-armhf Relevant 2: https://stackoverflow.com/questions/2981930/mysql-trigger-to-prevent-insert-under-certain-conditions/22489342#22489342 – nick carraway Oct 25 '18 at 14:30

0 Answers0