PyQT app accessible over network?
Chris Angelico
rosuav at gmail.com
Tue Feb 26 01:26:48 EST 2013
On Tue, Feb 26, 2013 at 10:26 AM, Dennis Lee Bieber
<wlfraed at ix.netcom.com> wrote:
> On Mon, 25 Feb 2013 17:35:44 +1100, Chris Angelico <rosuav at gmail.com>
> declaimed the following in gmane.comp.python.general:
>> It may take a lot of work to get the permissions down to their
>> absolute minimum, but one easy "half-way house" would be to create a
>> read-only user - SELECT permission on everything, no other perms. Not
>> applicable to all situations, but when it is, it's an easy way to
>> manage the risk of compromise.
>>
> I think I'd recommend that even this read permission be limited to
> the tables required by the application... Wouldn't want someone to
> "accidentally" read the database user account tables, would we?
Of course; once you have the concept of divided access levels, you can
take it whereever you like. But some systems don't even HAVE "database
user account tables" as such; look at this site:
http://rosuav.com/1/
That's an old PHP-based site of mine, originally done in MySQL, now
using PostgreSQL but not as yet moved off PHP. In index.php, the
database connection has read-only access; there's a separate page that
lets me log in using higher database credentials, and thus gain the
power to add/edit entries. It's fine for the read-only user to have
access to every table, because there's really only one table (not
counting statistics).
ChrisA
More information about the Python-list
mailing list