I'm writing a customer-facing application that's responsible for obtaining extremely sensitive data, much to my dismay and despite my vehement protests. Long story short, to stay in compliance with various policies, and because I'm insanely paranoid, I'll need to capture this user data and write it into a SECOND database as a user who has ONLY the "insert" privilege.

Database 1: Contains application data (inventory, e-commerce based stuff, etc.) - Primary Rails Application DB
Database 2: Rails app connects as a user with only one privilege: insert.

I whipped up a quick test using MySQL and Rails 2.2.2 (I haven't upgraded yet, but I will when this project is finished). I created a simple "users" table manually without an AR Migration, and then fired up script/console and executed "@u = User.new". It complained that the SELECT privilege was denied (which is the point).

Obviously it needs SELECT to find out which fields - or methods - to assign to the User model (in this case). Is there any way I can achieve basic AR functionality (AR.save and AR.new, as well as AR.some_method = value) without giving this user SELECT privileges?

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

Frederick Cheung
2009-Apr-09 23:08 UTC
Re: ActiveRecord.save With No SELECT Privileges (MySQL)
On Apr 9, 10:57 pm, Phoenix Rising <PolarisRis...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I'm writing a customer-facing application that's responsible for
> obtaining extremely sensitive data, much to my dismay and despite my
> vehement protests. Long story short, to stay in compliance with
> various policies, and because I'm insanely paranoid, I'll need to
> capture this user data and write it into a SECOND database as a user
> who has ONLY the "insert" privilege.
>

Have you looked at the masochism plugin? It allows you to split reads and writes to two different db servers. The intent is to deal with the pattern where you write to the database master and read from the slave(s), but it might also be useful in your case.

Fred

> Database 1: Contains application data (inventory, e-commerce based
> stuff, etc.) - Primary Rails Application DB
> Database 2: Rails app connects as a user with only one privilege:
> insert.
>
> I whipped up a quick test using MySQL and Rails 2.2.2 (I haven't
> upgraded yet, but I will when this project is finished). I created a
> simple "users" table manually without an AR Migration, and then fired
> up script/console and executed "@u = User.new". It complained that
> the SELECT privilege was denied (which is the point).
>
> Obviously it needs SELECT to find out which fields - or methods - to
> assign to the User model (in this case). Is there any way I can
> achieve basic AR functionality (AR.save and AR.new, as well as
> AR.some_method = value) without giving this user SELECT privileges?
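
The write-only pattern the question asks for, sketched without ActiveRecord as an added example (not code from the thread, from Rails, or from the masochism plugin): the model declares its columns in code, so building and sending the INSERT needs no schema lookup. `InsertOnlyRecord`, `insert_into`, `SensitiveUser`, `InsertOnlyConn` and the `execute(sql, binds)` interface are hypothetical names; the stand-in connection is constructed so the example runs offline.

```ruby
# Added example: columns are declared in code, never read from the database.
class InsertOnlyRecord
  class << self
    attr_reader :table, :columns
    # Hypothetical DSL: table and column names are fixed at load time.
    def insert_into(table, *columns)
      names = [table, *columns].map(&:to_s)
      bad = names.reject { |n| n =~ /\A[a-z_][a-z0-9_]*\z/ }
      raise ArgumentError, "bad identifier: #{bad.inspect}" unless bad.empty?
      @table = names.first
      @columns = names.drop(1).freeze
      @columns.each { |c| attr_accessor c }
    end
  end
  def initialize(attrs = {})
    attrs.each do |name, value|
      known = self.class.columns.include?(name.to_s)
      raise ArgumentError, "unknown column: #{name}" unless known
      public_send("#{name}=", value)
    end
  end
  # Returns [sql, binds]; values travel only as bound parameters.
  def to_insert
    cols = self.class.columns
    list = cols.map { |c| "`#{c}`" }.join(", ")
    marks = (["?"] * cols.size).join(", ")
    ["INSERT INTO `#{self.class.table}` (#{list}) VALUES (#{marks})",
     cols.map { |c| public_send(c) }]
  end
  # conn: any object responding to execute(sql, binds) (assumed interface).
  def save(conn)
    conn.execute(*to_insert)
    true
  end
end

# Constructed model, plus a stand-in connection that refuses non-INSERT SQL.
class SensitiveUser < InsertOnlyRecord
  insert_into :users, :name, :secret
end

class InsertOnlyConn
  attr_reader :log
  def initialize; @log = []; end
  def execute(sql, binds)
    raise "command denied" unless sql.start_with?("INSERT ")
    @log << [sql, binds]
  end
end
```

With a real driver, `execute` would wrap a prepared statement on a connection opened as the INSERT-only account.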