Akopia Akopia Services
[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[mv] Re: SQL/mysql permissions problem

On Mar 2, Colin Mitchell wrote:
>Now, my problem is this.  I am using minivend's internal SQL support to do
>the insert into the database.  Since mySQL has a pretty decent permissions
>system, I figured that I would setup a user that can only insert into the
>database.  This way, if that password is compromised, I don't care too much.
>And since it's stored in cleartext in the minivend config file, I could see
>it being compromised.  Anyways, I had no luck setting up an insert-only
>user, because it looks like minivend tries to do a SELECT to make sure that
>it can hit the database.  When I setup mySQL to allow the user to do the
>select, everything works fine, but it isn't secure anymore.  I'd really
>rather not have it work this way if at all possible.

Try using the 
Database dbname NAME code name ...
and
Database dbname COLUMN_DEF code int ...
directives.  This *may* keep minivend from doing a select to get the
table meta data.

Dan
-- 
 Dan Busarow                                                  949 443 4172
 Dana Point Communications, Inc.                            dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82


_______________________________________________
Minivend-users mailing list
Minivend-users@minivend.com
http://lists.akopia.com/mailman/listinfo/minivend-users
Search for: Match: Format: Sort by: