Is there to set up the ActiveRecord connection to the database to that you only have read-only access to the database? For example, you are accessing a legacy database to create reports, you are not too sure what you are doing and what to make sure that the Rails application can not (accidentally) overwrite any data? Thanks for any ideas -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
wfisk wrote:> Is there to set up the ActiveRecord connection to the database to that > you only have read-only access to the database? > > For example, you are accessing a legacy database to create reports, you > are not too sure what you are doing and what to make sure that the Rails > application can not (accidentally) overwrite any data? > > Thanks for any ideasSet up user security in the database so that only SELECT statements are allowed. See http://dev.mysql.com/doc/refman/5.0/en/grant.html See also http://www.ruby-forum.com/topic/83697#149313 -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Its an SQL Server database. I guess I could create a user with readonly access and then connect as that user. Yes good idea. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> -----Original Message----- > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of wfisk > Sent: Monday, March 26, 2007 10:36 AM > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > Subject: [Rails] read-only access to the database > > > > Is there to set up the ActiveRecord connection to the > database to that you only have read-only access to the database? > > For example, you are accessing a legacy database to create > reports, you are not too sure what you are doing and what to > make sure that the Rails application can not (accidentally) > overwrite any data?Here''s what I''ve do: class Foo < ActiveRecord::Base def write_attribute(name, value) raise NotImplementedError, ''read only table'' end end This approach won''t even allow you to assign values to a Foo instance. If you want to defer until the moment a user tries to *save* a record, then redefine ''save'' and ''save!'' instead. Regards, Dan This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
"This approach won''t even allow you to assign values to a Foo instance. If you want to defer until the moment a user tries to *save* a record, then redefine ''save'' and ''save!'' instead." I thought about something like this, too, but I have a database of over a million records, so I didn''t even want to take a chance. Not granting any abilities beyond SELECT guarantees that no possible error in your coding, not even the briefest lapse, will impact the DB because the DB won''t let it happen. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Dan, Thanks for that - I am going to do that too! I must admit I thought that ''readonly'' might have been a parameter of the database connection and I looked for that, but apparently not. I like the idea of redefining ''write_attribute'' and save, and I think that it is worth doing, because you will catch some cases where a write has been attempted but you still cannot be sure that a write (or a restructure?) will not happen some other way. The best route still seems to be to define a user that only has read access to the database. Thanks again for the ideas. William -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> -----Original Message----- > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of William Fisk > Sent: Monday, March 26, 2007 12:34 PM > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > Subject: [Rails] Re: read-only access to the database > > > > Dan, > > Thanks for that - I am going to do that too! > > I must admit I thought that ''readonly'' might have been a parameter of > the database connection and I looked for that, but apparently not.I know some vendors (such as Oracle) support a restricted mode, but it requires connecting to the database first, then immediately issuing an "alter session" command. How you would implement that in Rails I''m not sure. Perhaps some sort of "post_connect" method?> I like the idea of redefining ''write_attribute'' and save, and I think > that it is worth doing, because you will catch some cases > where a write > has been attempted > but you still cannot be sure that a write (or a restructure?) > will not > happen some other way. > > The best route still seems to be to define a user that only has read > access to the > database.Oh, definitely. This was just the way to do it through Rails, not at the DB layer. And, like you said, you can always write it in such a way as to track anyone who attempts to make a write attempt (presumably through a backend interface, such as xml-rpc).> Thanks again for the ideas.You''re welcome. Regards, Dan This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Add this to your model class User < ActiveRecord::Base # Ensure that this record can not be saved or modified in any way # If save is called, this will throw an exception. def readonly?() true end end That will prevent anything from saving. I use that a lot. :) On 3/26/07, Berger, Daniel <Daniel.Berger-6vC2hAQLr78AvxtiuMwx3w@public.gmane.org> wrote:> > > > -----Original Message----- > > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > > [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of William Fisk > > Sent: Monday, March 26, 2007 12:34 PM > > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > > Subject: [Rails] Re: read-only access to the database > > > > > > > > Dan, > > > > Thanks for that - I am going to do that too! > > > > I must admit I thought that ''readonly'' might have been a parameter of > > the database connection and I looked for that, but apparently not. > > I know some vendors (such as Oracle) support a restricted mode, but it > requires connecting to the database first, then immediately issuing an > "alter session" command. How you would implement that in Rails I''m not > sure. Perhaps some sort of "post_connect" method? > > > I like the idea of redefining ''write_attribute'' and save, and I think > > that it is worth doing, because you will catch some cases > > where a write > > has been attempted > > but you still cannot be sure that a write (or a restructure?) > > will not > > happen some other way. > > > > The best route still seems to be to define a user that only has read > > access to the > > database. > > Oh, definitely. This was just the way to do it through Rails, not at the > DB layer. And, like you said, you can always write it in such a way as > to track anyone who attempts to make a write attempt (presumably through > a backend interface, such as xml-rpc). > > > Thanks again for the ideas. > > You''re welcome. > > Regards, > > Dan > > > This communication is the property of Qwest and may contain confidential > or > privileged information. Unauthorized use of this communication is strictly > prohibited and may be unlawful. If you have received this communication > in error, please immediately notify the sender by reply e-mail and destroy > all copies of the communication and any attachments. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---