From: tedd on
At 11:19 AM +0100 9/24/10, Tom Barrett wrote:
>On 22 September 2010 21:40, Bastien Koert <phpster(a)gmail.com> wrote:
>
>> Not at all. What I would suggest is that you create a separate mysql
>> user that is used exclusively by the script to do the create stuff.
>> The regular application user account should not have those privileges
>> at all.
>>
>
>I'm not actually that familiar with DB admin to that extent. I have either
>app users with lock+crud on specific databases, or root. As a an aside,
>would you know if there is a level of permissions for a user between app and
>root that would be 'sensibly secure' (it will be MySQL 5)?
>
>
>> Another option, if immediate response is not required, is to save this
>> data into the system for a cron script with another user account to
>> run.
>>
>
>This was sort of my first instinct. I ponder writing a small daemon/cron
>that queries a database table (client list) and does all the 'build' bits.
>The main issue with cron is that the users would want a fairly immediate
>response. Seconds is acceptable, but a 5 minute cron might be too slow.
>
>
>> Is there a reason for you not to place all the data in one DB and just
>> separate them out based on user id, to ensure they only see their own
>> data
>>
>
>For legal reasons. Each client must have separate data. I need to be able to
>box up all the client data (containing multiple app instances) and be 100%
>sure that I am giving them all their data and nobody else's.
>
>On 23 September 2010 18:04, tedd <tedd.sperling(a)gmail.com> wrote:
>
>> No, but from what you've said, I don't think the end user must have
>> privileges and the ability to create a database and tables. It sounds more
>> like allowing the user to set up his own admin for acceptable users --
>> there's a big difference.
>>
>> So, what you need to define is what the client and his users want to do.
>> From that, we can determine what they need.
>
>
>Depending on what you mean by 'the client', all the client side things are
>fine :)
>The web front-end I am working on here is for internal use only. To allow
>non-technical people to set up clients and their apps.
>
>The more I look into this, the more I am leaning towards some shell scripts
>for client management, invoking them by cron. Then if an immediate response
>is needed someone technical will have to manually run the cron job. It looks
>like the law of diminishing returns for me to build something really usable.

The more I hear, the more confused I get.

I still don't understand what your client is going to do?

Cheers,

tedd

--
-------
http://sperling.com/
From: Bastien Koert on
On Fri, Sep 24, 2010 at 2:05 PM, tedd <tedd.sperling(a)gmail.com> wrote:
> At 11:19 AM +0100 9/24/10, Tom Barrett wrote:
>>
>> On 22 September 2010 21:40, Bastien Koert <phpster(a)gmail.com> wrote:
>>
>>>  Not at all. What I would suggest is that you create a separate mysql
>>>  user that is used exclusively by the script to do the create stuff.
>>>  The regular application user account should not have those privileges
>>>  at all.
>>>
>>
>> I'm not actually that familiar with DB admin to that extent. I have either
>> app users with lock+crud on specific databases, or root. As a an aside,
>> would you know if there is a level of permissions for a user between app
>> and
>> root that would be 'sensibly secure' (it will be MySQL 5)?
>>
>>
>>>  Another option, if immediate response is not required, is to save this
>>>  data into the system for a cron script with another user account to
>>>  run.
>>>
>>
>> This was sort of my first instinct. I ponder writing a small daemon/cron
>> that queries a database table (client list) and does all the 'build' bits.
>> The main issue with cron is that the users would want a fairly immediate
>> response. Seconds is acceptable, but a 5 minute cron might be too slow.
>>
>>
>>>  Is there a reason for you not to place all the data in one DB and just
>>>  separate them out based on user id, to ensure they only see their own
>>>  data
>>>
>>
>> For legal reasons. Each client must have separate data. I need to be able
>> to
>> box up all the client data (containing multiple app instances) and be 100%
>> sure that I am giving them all their data and nobody else's.
>>
>> On 23 September 2010 18:04, tedd <tedd.sperling(a)gmail.com> wrote:
>>
>>>  No, but from what you've said, I don't think the end user must have
>>>  privileges and the ability to create a database and tables. It sounds
>>> more
>>>  like allowing the user to set up his own admin for acceptable users --
>>>  there's a big difference.
>>>
>>>  So, what you need to define is what the client and his users want to do.
>>>  From that, we can determine what they need.
>>
>>
>> Depending on what you mean by 'the client', all the client side things are
>> fine :)
>> The web front-end I am working on here is for internal use only. To allow
>> non-technical people to set up clients and their apps.
>>
>> The more I look into this, the more I am leaning towards some shell
>> scripts
>> for client management, invoking them by cron. Then if an immediate
>> response
>> is needed someone technical will have to manually run the cron job. It
>> looks
>> like the law of diminishing returns for me to build something really
>> usable.
>
> The more I hear, the more confused I get.
>
> I still don't understand what your client is going to do?
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

@tedd,

He wants not techie users to create new systems for their clients when
they sign up. It involves creating a DB and he's wondering about
security for that. The main part of the app needs the least priv's to
run (select, update, insert [,delete]) while the creating the DB
obviously takes more. The OP was asking how to best handle that since
the he didn't want to give the main app DB user account more privs
than needed.

--

Bastien

Cat, the other other white meat
From: tedd on
At 2:09 PM -0400 9/24/10, Bastien Koert wrote:
>
>@tedd,
>
>He wants not techie users to create new systems for their clients when
>they sign up. It involves creating a DB and he's wondering about
>security for that. The main part of the app needs the least priv's to
>run (select, update, insert [,delete]) while the creating the DB
>obviously takes more. The OP was asking how to best handle that since
>the he didn't want to give the main app DB user account more privs
>than needed.

Okay, what does creating "new systems for their clients" mean?

What I want to know is specifically what these non-techie users intend to do?

Please don't answer that they want to set up accounts for their
clients because that is meaningless to me. That could mean anything.

So, what specifically are these non-techie users going to do?

Cheers,

tedd


--
-------
http://sperling.com/
From: Bastien Koert on
On Fri, Sep 24, 2010 at 2:26 PM, tedd <tedd.sperling(a)gmail.com> wrote:
> At 2:09 PM -0400 9/24/10, Bastien Koert wrote:
>>
>> @tedd,
>>
>> He wants not techie users to create new systems for their clients when
>> they sign up. It involves creating a DB and he's wondering about
>> security for that. The main part of the app needs the least priv's to
>> run (select, update, insert [,delete]) while the creating the DB
>> obviously takes more. The OP was asking how to best handle that since
>> the he didn't want to give the main app DB user account more privs
>> than needed.
>
> Okay, what does creating "new systems for their clients" mean?
>
> What I want to know is specifically what these non-techie users intend to
> do?
>
> Please don't answer that they want to set up accounts for their clients
> because that is meaningless to me. That could mean anything.
>
> So, what specifically are these non-techie users going to do?
>
> Cheers,
>
> tedd
>
>
> --
> -------
> http://sperling.com/
>

Create a DB schema, create and populate tables.

--

Bastien

Cat, the other other white meat
From: tedd on
At 2:36 PM -0400 9/24/10, Bastien Koert wrote:
>On Fri, Sep 24, 2010 at 2:26 PM, tedd <tedd.sperling(a)gmail.com> wrote:
>> At 2:09 PM -0400 9/24/10, Bastien Koert wrote:
>>>
>>> @tedd,
>>>
>>> He wants not techie users to create new systems for their clients when
>>> they sign up. It involves creating a DB and he's wondering about
>>> security for that. The main part of the app needs the least priv's to
>>> run (select, update, insert [,delete]) while the creating the DB
>>> obviously takes more. The OP was asking how to best handle that since
>>> the he didn't want to give the main app DB user account more privs
>>> than needed.
>>
>> Okay, what does creating "new systems for their clients" mean?
>>
>> What I want to know is specifically what these non-techie users intend to
>> do?
>>
>> Please don't answer that they want to set up accounts for their clients
>> because that is meaningless to me. That could mean anything.
>>
> > So, what specifically are these non-techie users going to do?
>
>Create a DB schema, create and populate tables.

Creating a DB schema is not for non-techies -- you really need to
know what you are doing to do this.

But we all live with what we create.

Cheers,

tedd

--
-------
http://sperling.com/