Hi,
I want to let the users of my web app enter plain SQL commands (for
customized reports), so, I want them to do this under a read only mysql
user so that I ensure they won’t compromise any data. But the rest of
the
application needs full r/w access.
So, how can I implement on the same app a second connection just for a
controller for example???
Thanks.
Matias wrote:
Hi,
I want to let the users of my web app enter plain SQL commands (for
customized reports), so, I want them to do this under a read only mysql
user so that I ensure they won’t compromise any data. But the rest of
the
application needs full r/w access.So, how can I implement on the same app a second connection just for a
controller for example???Thanks.
Rather than try to use two connections, why not just scrub their
incoming SQL commands for stuff like INSERT, DELETE, and UPDATE?
Better yet, build a more full-featured query designer so you have
absolute control over what they can and cannot do. Letting random users
execute SQL is pretty dangerous.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs