Announcement

  •  » Requests
  •  » Looking for a database user per piwigo user.

#1 2022-07-15 22:31:58

Alexander83706
Member
Boise
2019-07-07
126

Looking for a database user per piwigo user.

Hello/Hi/Greetings,

When I accept a new user on piwigo.

I would like to add an additional user on mysql. With limited capabilities. (Select, Delete, Insert, etc). 

I don't want to allow users to have access to create trigger, table or database) or beyond. I am viewing this as a  security feature.


Piwigo URL: http://TheLargerOcean.net
Database:   MySql 5.7
OS:              FreeBSD-13.1-RELEASE

Offline

 

#2 2022-07-15 23:45:55

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13564

Re: Looking for a database user per piwigo user.

Hi Alexander83706,

I admit I don't exactly see how this question is related to Piwigo :-/ Can you give more details?

Offline

 

#3 2022-07-22 02:30:58

Alexander83706
Member
Boise
2019-07-07
126

Re: Looking for a database user per piwigo user.

It is the interaction between piwigo and the database selected that is relevant.


Well, my thinking is that if I have a piwigo user. I should also have a matching entry in the database.

I do not enjoy 50 users all signing into the database as 'piwigo'.

I think that the registration process simply needs to be expanded to match the user logins.

If I sign on as webmaster, my role should be 'administrator' on the database. I could create tables, views, stored procedures and what not.

If I sign in as registered user. My database abilities should be limited to 'Select, Update, Insert' and possibly a little more.

You have roles set up already, User, guest, Family, Friend, Administrator and Webmaster'. Assign them to the role on the database as soon as the new user is approved.

Guest roles would be Select only .   'User' role would be 'Select, Insert, Update'.   Friend /Family might be argued over. Admin and Webmaster would have the ability to create additional stored procedures and whatnot..

Not sure about Mysql. But Oracle did have roles so that we could assign capabilites to the user login. I'll have to look into that somewhere down the line.

Last edited by Alexander83706 (2022-07-22 02:31:46)

Offline

 

#4 2022-07-22 11:25:57

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13564

Re: Looking for a database user per piwigo user.

I think there is a confusion between "database users" and "piwigo users" here. It is absolutely not at the same level and shouldn't be mixed up like this.

A simple visitor in Piwigo should be able to write a user comment, don't you think? To put it simple, that means adding a line in the piwigo_comments table. No need to have a specific database user for that.

Offline

 

#5 2022-07-24 11:12:23

Alexander83706
Member
Boise
2019-07-07
126

Re: Looking for a database user per piwigo user.

Im thioking that if a guest posts a comment.

He will be hitting the same table regardless of the user doing the posting.

Only difference is the user table. Might post user one versus user 20.

No big deal.

I guess I will look for a hook to develop that myself.

As soon as user is approved do a quick insertion for database user.

Roles would be taken right off of the (Webmaster, Administrato, Family, Friend, Guest) assignments....

Regarless of who does the comment insertion, it would register on the same table.

Views are not used on this product. So that is not an issue.

Offline

 
  •  » Requests
  •  » Looking for a database user per piwigo user.

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact