On Thu, 25 Oct 2012 00:22:40 -0700 (PDT), Mike Burr
<admin@unintuitive.org> declaimed the following in
gmane.comp.python.django.user:
> On Oct 25, 3:44 pm, Christophe Pettus <x...@thebuild.com> wrote:
>
> > That being said, this kind of thing is *much* better done at the DB level, so that you can be certain that there are no other paths that allow data to be updated.
>
> I agree. Now that I think of it, I will probably wait until this goes
> into production (MySQL) and implement it therehow.
>
In the case of MySQL you are looking at defining tables_priv
settings (allow select/insert but deny update/delete) and tie those
restrictions to a user account (you'll want a different account for
admin that has full privileges to the tables).
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment