3

I'm building a MySQL DB for a web app which will be written in Python. I wanted to segregate the users functions to provide better security and maybe improve performance. I'm thinking to do it in this way: 2 sets of tables:

  • 1 Table for app user management
  • 1 Set of table for storing the information

I want to create 4 mysql users to access and manipulate the data from the app:

  • 1 user with Select rights for the Users Table
  • 1 user with Insert/update rights for the Users table
  • 1 user with Select rights for the set of tables storing the information
  • 1 user with Insert/update rights for the set of tables storing the information

So each of the Python modules reading/writting each of the tables will use the required user.

My reasoning is that if a user or insert field gets compromised by whatever the reason, the damage and information that can be manipulated/obtained will be limited. It shouldn't complicate the app, as it will be only using the right connection to the DB and you only do it once per module.

Would that be overkill? Can it impact the performance? Any other thoughts?

Improve this question
2
  • Are you familiar with phpmyadmin? That is a webapp that does something very similar to what you describe. The user enters a MySQL username and password. The user may attempt any action, but if he lacks the appropriate rights, an error message is returned. Commented Dec 21, 2012 at 12:39
  • Hi unutbu, I'm using phpmyadmin to configure the DB, but the webapp we are going to write will do the insert/update, etc... Commented Dec 28, 2012 at 8:56

2 Answers 2

Reset to default
0

Using the Principle of Least Privilege is ALWAYS a good idea.

Is it overkill? No, it's part of any good design.

Can it impact performance? No. A connection to the database is just a connection, the privileges associated with the account connecting to the database are irrelevant.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, will continue with it.
0

My reasoning is that if a user or insert field gets compromised by whatever the reason, the damage and information that can be manipulated/obtained will be limited. It shouldn't complicate the app, as it will be only using the right connection to the DB and you only do it once per module.

Yes, it is possible. You simply have to create one connection/session per user. I'd advise you to always use SQLAlchemy to work your ORM out, and it'd be as simple as declare as many instances as you have users in your database.

engine_select_only = create_engine(u'mysql://user1:[email protected]/mydb'
engine_insert_update = create_engine(u'mysql://user1:[email protected]/mydb'
engine_insert_update = create_engine(u'mysql://user1:[email protected]/mydb'
...

and then you map your engines to your tables, using the strategy that best fits your needs. I never tested that (because I'd never implement such a thing), but I see no reason SQLAlchemy couldn't map the same objects to different sessions.

Would that be overkill?

My personal opinion, is that yes it is overkill and utterly stupid. If you code correctly your application, there's no need of doing such a thing. You shall give your mysql connection the exact permissions you will need for the whole instance of your application, and you shall take a really good care of checking the user inputs. Thus you will protect your application, the system it is running on and your DBMS.

Can it impact the performance?

It can, each connection to the database has a cost, and your dbms has a limited pool of possible connections. The math is easy, if for every instance you open 4 connections, you divide the number of possible connections by that much. And that will not only impact your application, but every application that use your DBMS.

Any other thoughts?

Yes, just don't try to do that, and just have a good and secure design for your application :-)

Improve this answer

1 Comment

I disagree, as using layered security and principle of least privilege is not stupid and is recommended in any security manual/course, etc... Ah secure design of the application will be another layer of security, so will be user input, from the application point of view and from apache. Just trusting one security measure won't protect everything. Thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.