[pmwiki-users] most user-friendly method of database configuration

Ben Stallings Ben at InterdependentWeb.com
Sun Oct 15 15:21:00 CDT 2006


Crisses wrote:
> That has to fall on the shoulders of the database admin, too.  I could 
> create separate unprivileged users -- AND SHOULD -- to protect the 
> database.  Then I need a way to have multiple database/user combos in 
> the wiki.

I'm not sure I understand the argument for restricting database access 
via multiple connections.  I built a number of database front ends with 
UpdateForm, using two lines of defense: the UpdateForm recipe was only 
enabled for page groups that had edit passwords, and the recipe is 
unable to do any damage worse than deleting a single record at a time -- 
it can't modify or delete tables because it simply doesn't know those 
SQL commands.

I probably should have set up a restricted database user, but the only 
way I can think of that dangerous SQL commands could be sent is if my 
config.php (containing the fully privileged username and password) got 
out, which would mean the FTP password was already out, in which case 
the whole site is basically toast anyway.

With DataQuery the same security will be in effect: you will only be 
able to update a record if you have editing privileges for the virtual 
page, and the recipe will not know the SQL commands for modifying or 
deleting tables. I'm also writing in another level of defense, in that 
entire tables can be specified as off-limits to the recipe (as well as 
fields within tables, which is already possible with SelectQuery).

So I'm having trouble imagining a situation where it would help matters 
to have a restricted database connection.  Maybe this failure of 
imagination explains why I was never a hacker.  Can you help me out? 
--Ben S.
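The restricted database accounts that Crisses brings up and Ben asks about, as an added example that is not part of the original post or of the PmWiki recipes. MySQL GRANT syntax is used; the database name wikidb, the tables members and events, the column names, and the account names and passwords are all assumptions made for illustration.

```sql
-- Added example (not from the original post or from the PmWiki recipes):
-- least-privilege MySQL accounts for a wiki front end. Database, table,
-- column, account names and passwords are assumptions for illustration.

-- The weak setting: one account, used from config.php for everything.
-- It can do anything to every database on the server, so a leaked
-- config.php or a single recipe bug hands over the whole server.
GRANT ALL PRIVILEGES ON *.* TO 'wiki'@'localhost' IDENTIFIED BY 'secret';

-- The corrected setting: one account per job, each limited to the
-- statements that job actually issues. Neither account below holds
-- DROP, ALTER or CREATE, so a table cannot be destroyed through the
-- web application even if arbitrary SQL ever reaches the server.

-- Read-only account for query/display recipes. The column-level grant
-- keeps fields the pages must never show (here, a password hash column
-- that is simply not listed) unreadable at the server, not just unused.
CREATE USER 'wiki_ro'@'localhost' IDENTIFIED BY 'ro-secret';
GRANT SELECT (id, name, email) ON wikidb.members TO 'wiki_ro'@'localhost';
GRANT SELECT ON wikidb.events TO 'wiki_ro'@'localhost';

-- Read-write account for form-driven updates, limited to the tables the
-- forms edit. No DELETE on events: a wrong UPDATE can be repaired from
-- the old values, a blind DELETE cannot.
CREATE USER 'wiki_rw'@'localhost' IDENTIFIED BY 'rw-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON wikidb.members TO 'wiki_rw'@'localhost';
GRANT SELECT, INSERT, UPDATE ON wikidb.events TO 'wiki_rw'@'localhost';
FLUSH PRIVILEGES;

-- Check: the server, not the application, is now the record of what
-- each account may do.
SHOW GRANTS FOR 'wiki_ro'@'localhost';
SHOW GRANTS FOR 'wiki_rw'@'localhost';

-- Verification: connected as wiki_ro, this must fail with
-- "DROP command denied to user 'wiki_ro'@'localhost'".
-- DROP TABLE wikidb.members;
```

The point of the split is that the limit on damage no longer depends on what SQL the recipe happens to know how to emit: the server refuses DDL from either account regardless of what the PHP sends it, and a leaked read-only password exposes only the listed columns. Each recipe's connection settings in the wiki then name the account that matches its job, which is the "multiple database/user combos" Crisses describes.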



