On Wed, Sep 22, 2010 at 4:35 PM, Tom Barrett <tom@xxxxxxxxxxxxxxx> wrote:
> Hmm..
>
> I am familiar with PMA. I would for the purpose of this project consider it
> too technical for the target user base. The point is to create a GUI layer
> that would manage these things.
>
> For example, the 'add client' screen would ask for four things; name,
> description, username and password. Then behind the scenes a database would
> be created, the user created, permissions granted and a pre-configured set of
> tables built (and populated).
>
> My reservations come from security issues (which, as an aside, are also
> discussed about PMA), allowing a normal user account CREATE and GRANT on the
> database.
>
> Maybe I'm being too fuddy-duddy cautious.
>

Not at all. What I would suggest is that you create a separate MySQL user that is used exclusively by the script to do the create stuff. The regular application user account should not have those privileges at all.

Another option, if immediate response is not required, is to save this data into the system for a cron script with another user account to run.

Is there a reason for you not to place all the data in one DB and just separate them out based on user id, to ensure they only see their own data?

--

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
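
The split suggested in the reply above, written out as MySQL statements. This is an added example and not part of the original thread; the account names, host, database names, the client_ prefix and the password placeholders are assumptions.

```sql
-- Added example. The account names, host, database names, the client_ prefix
-- and the <...> password placeholders are all assumptions.

-- Avoided: the regular application account holding CREATE and GRANT itself.
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'localhost' WITH GRANT OPTION;

-- 1. Regular application account: data access to the panel's own schema only.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY '<webapp-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON `panel`.* TO 'webapp'@'localhost';

-- 2. Provisioning account, used only by the 'add client' script or cron job.
CREATE USER 'provisioner'@'localhost' IDENTIFIED BY '<provisioner-password>';
-- CREATE USER is a global privilege; it grants no access to data on its own.
GRANT CREATE USER ON *.* TO 'provisioner'@'localhost';
-- Everything else is confined to databases named client_<something>.
-- The backslash makes the underscore literal; % is the wildcard.
-- WITH GRANT OPTION lets it pass on only the privileges it holds here.
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE
  ON `client\_%`.* TO 'provisioner'@'localhost' WITH GRANT OPTION;

-- 3. What the script runs, as provisioner, for a new client "acme".
-- Identifiers cannot be bound as prepared-statement parameters, so the script
-- must build the database and user names from a strictly validated value.
CREATE DATABASE `client_acme`;
CREATE USER 'acme'@'localhost' IDENTIFIED BY '<client-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON `client_acme`.* TO 'acme'@'localhost';
-- The pre-configured tables are then created and populated in client_acme.

-- 4. Check the result: webapp must show no CREATE, CREATE USER or GRANT OPTION.
SHOW GRANTS FOR 'webapp'@'localhost';
SHOW GRANTS FOR 'provisioner'@'localhost';
```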