04-30-2008, 02:02 PM   #1   panther786
1 user 2 databases

I recently got a new hosting server and I realized that I only have one user (unless I pay extra) that can create a few databases ... they did not try to cheat me, it was written there all along but I did not notice it ... anyway, I believe it's a good hosting company for the money ... will see ...

My question is: how would you protect one database from the other if the user that manipulates them is the same? Is there a trick to accomplish such a thing?

04-30-2008, 03:19 PM   #2   putts
You only have one user that has access to create databases, but do you have the power to create new users that do not have DBO type powers?

If so, create one for each database and make sure they only have read/write access to their database.

If not, then I don't think so.

Can I ask why it matters anyways? It's not like people at your site are going to know the login being used to access the database. What is the requirement behind making sure a user connected to DB1 can't change things on DB2?

Users typically aren't the security risk... it's the people behind the users. In your world, you're the person behind any/all logins on those databases, so as long as you can trust yourself... I think you'll be fine.

04-30-2008, 06:42 PM   #3   Vege
Well, personally I do like to make, for example, admin/normal users for the webapp and give the user just the specific grants he needs.
That's just not possible in shared hosting usually, so with SQL injection people could get away with some nasty things.

05-02-2008, 01:37 PM   #4   putts
Yeah, it is nice to have users that have "just enough" access but, as you said, in shared hosting it's just not usually available. My experience is that it's just best to code against those kinds of attacks. Makes your code more mobile, which means that you are able to shop around at more hosts because you're not limited by what your code requires.

I have gone so far down that road that I have a set of functions where I pass in certain parameters (one of which is the SQL server type currently being used... MS SQL, MySQL are the only ones I've built around so far) and the functions build the SQL statements I need for the action I want.

Selects, Updates, Deletes, Create Tables, etc. Now, if I ever switch servers, I just migrate over my database tables with data, switch one global variable and I don't have to change any of my code to work with the new database.

Obviously, that's a bit over the top for most, but it's a good mindset to have when you are not hosting your own stuff and want to be able to go after the best deals available to you.
Last edited by putts : 05-02-2008 at 01:40 PM.
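
One way to combine the two ideas in post #4 (coding against SQL injection, and functions that build statements for a chosen server type), as an added example that is not putts's code: table and column names are checked and quoted per server, and values travel only as bound parameters. The function names, the dialect table and the driver placeholder styles are assumptions.

```python
import re
import sqlite3

# Assumed conventions (not from the thread): identifier quoting per server and
# the placeholder style of a common Python driver for each.
DIALECTS = {
    "mysql": {"quote": ("`", "`"), "placeholder": "%s"},  # e.g. PyMySQL
    "mssql": {"quote": ("[", "]"), "placeholder": "?"},   # e.g. pyodbc
}
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def quote_ident(dialect, name):
    """Quote a table/column name; reject anything but a plain identifier."""
    if dialect not in DIALECTS:
        raise ValueError(f"unsupported dialect: {dialect!r}")
    if not isinstance(name, str) or not _IDENT.fullmatch(name):
        raise ValueError(f"illegal identifier: {name!r}")
    left, right = DIALECTS[dialect]["quote"]
    return f"{left}{name}{right}"

def _pairs(dialect, mapping, sep):
    """Render 'col = <placeholder>' pairs; values go only into the param list."""
    ph = DIALECTS[dialect]["placeholder"]
    text = sep.join(f"{quote_ident(dialect, c)} = {ph}" for c in mapping)
    return text, list(mapping.values())

def build_select(dialect, table, columns, where):
    tbl = quote_ident(dialect, table)  # also validates the dialect
    cols = ", ".join(quote_ident(dialect, c) for c in columns)
    cond, params = _pairs(dialect, where, " AND ")
    return f"SELECT {cols} FROM {tbl}" + (f" WHERE {cond}" if cond else ""), params

def build_update(dialect, table, values, where):
    tbl = quote_ident(dialect, table)  # also validates the dialect
    if not values or not where:
        raise ValueError("UPDATE needs at least one value and a WHERE condition")
    sets, set_params = _pairs(dialect, values, ", ")
    cond, where_params = _pairs(dialect, where, " AND ")
    return f"UPDATE {tbl} SET {sets} WHERE {cond}", set_params + where_params

def demo():
    """Run the 'mssql'-style output on in-memory SQLite (it accepts [x] and ?)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice')")
    hostile = "x'; DROP TABLE users; --"  # constructed input
    db.execute(*build_update("mssql", "users", {"name": hostile}, {"id": 1}))
    sql, params = build_select("mssql", "users", ["name"], {"id": 1})
    return db.execute(sql, params).fetchall()
```

Calling `demo()` shows the constructed hostile string stored and read back as plain data, with the `users` table still in place.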