[Gambas-devel] Gambas Database Manager - Access Denied

Philip A. Chapman pchapman at ...33...
Tue Jun 3 20:13:28 CEST 2003 

Benoit,

I believe that this is a bad idea for two reasons.  The first is that it
could open up security issues.  The second is that developers should
know at least the basics of how an RDBMS they are connecting to works.

I can understand that you would like for gambas to hide as many of the
mundane stuff as possible, but there is no excuse for a developer not
understanding how the RDBMS that his application is using works;
especially security.

Do everything that you can to create good prompts and error messages
when you cannot connect to a database.  Even provide ample
documentation.  However, I think installing an all powerful user is a
back door style exploit waiting to happen.

Thanks,

On Tue, 2003-06-03 at 12:07, Benoit Minisini wrote:
> Le Mardi 3 Juin 2003 12:32, Nigel GERRARD a écrit :
> > Few weeks or even months !:-) ago there was a thread discussing a problem
> > with mysql connects.  A message similar to 'Cannot open database: Access
> > denied for user '????@localhost' (Using password: NO..or YES)' occurs
> > within the Database Manager.  I am not sure whether this got resolved
> > properly since searching the sourceforge.net archives doesn't appear to
> > work, but is due to the mysql driver defaulting to database 'mysql' and the
> > connecting user not having the privileges to connect to it.
> >
> > I would suggest that the GDM should produce a warning message for the user
> > to check that the connection user has been granted access to database
> > 'mysql'.
> 
> Hi, Nigel
> 
> Could it be possible to write a little script to initialize a mysql database 
> server (I will the postgresql one) so that a default connection to the server 
> works every time ?
> 
> For example, it will create a 'gambas' user with all access, and this user 
> will be used by the driver.
> 
> Do you think it is a good idea, or do you think it's better to let the root 
> user doing that ?
-- 
Philip A. Chapman

Application Development:
Java, Visual Basic, PostgreSQL, MySQL, MSSQL
Linux, Windows 9x, Windows NT, Windows 2000, Windows XP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gambas-basic.org/pipermail/devel/attachments/20030603/497c0f63/attachment.sig>

More information about the Devel mailing list