Forum: Ruby on Rails two connections to the same database

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C7d5bc5b054035d95f287797c2595694?d=identicon&s=25 Matias (Guest)
on 2006-06-10 20:19
(Received via mailing list)
Hi,

I want to let the users of my web app enter plain SQL commands (for
customized reports), so, I want them to do this under a read only mysql
user so that I ensure they won't compromise any data. But the rest of
the
application needs full r/w access.

So, how can I implement on the same app a second connection just for a
controller for example???


Thanks.
Fb23bc8cd4030c526b0689276b34c8bd?d=identicon&s=25 Bryan Duxbury (bryanduxbury)
on 2006-06-10 22:27
Matias wrote:
> Hi,
>
> I want to let the users of my web app enter plain SQL commands (for
> customized reports), so, I want them to do this under a read only mysql
> user so that I ensure they won't compromise any data. But the rest of
> the
> application needs full r/w access.
>
> So, how can I implement on the same app a second connection just for a
> controller for example???
>
>
> Thanks.

Rather than try to use two connections, why not just scrub their
incoming SQL commands for stuff like INSERT, DELETE, and UPDATE?

Better yet, build a more full-featured query designer so you have
absolute control over what they can and cannot do. Letting random users
execute SQL is pretty dangerous.
This topic is locked and can not be replied to.