Passing username and password to MySQL

Passing username and password to MySQL

Roddie Grant
[Lasso 6.0.6]

If I've understood the recent security discussions, I should set up specific
privileges within each MySQL database. There should be SELECT_user with a
password, INSERT_user with a different password, etc. That secures MySQL.

To maximise the benefit of this, I need Lasso to use the specific usernames
and passwords when executing SQL. So an [inline] which SELECTs should use
the SELECT_user and corresponding password; an [inline] which INSERTs should
use the INSERT_user and corresponding password. Correct?

Lasso Professional 6 Setup Guide page 239 says that Lasso can do this -
"Lasso also provides the ability to pass the username and password of the
current authenticated user through to the database application." I can't get
this to work. I always use -sql inlines.

In a demo database I have set up a user with just SELECT privileges. This
works as expected in Terminal and CocoaMySQL.

I've set up a group/user in LassoAdmin and given permission for everything
relating to the demo database; it has the same name and password as in
MySQL. I've set up a test inline, and confirmed Lasso is recognising the
user by reading a file from disk. But when I try to use the same inline to
select from the database I get "No permission".

Any advice?

Thanks

Roddie Grant


--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage

Re: Passing username and password to MySQL

Roddie Grant
Ah, I've just found the thread "Allow SQL is a dangerous thing" in the
archives, which probably answers this.

Roddie




on 8/6/05 13:36, Roddie Grant at [hidden email] wrote:

> [Lasso 6.0.6]
>
> If I've understood the recent security discussions, I should set up specific
> privileges within each MySQL database. There should be SELECT_user with a
> password, INSERT_user with a different password, etc. That secures MySQL.
>
> To maximise the benefit of this, I need Lasso to use the specific usernames
> and passwords when executing SQL. So an [inline] which SELECTs should use
> the SELECT_user and corresponding password; an [inline] which INSERTs should
> use the INSERT_user and corresponding password. Correct?
>
> Lasso Professional 6 Setup Guide page 239 says that Lasso can do this -
> "Lasso also provides the ability to pass the username and password of the
> current authenticated user through to the database application." I can't get
> this to work. I always use -sql inlines.
>
> In a demo database I have set up a user with just SELECT privileges. This
> works as expected in Terminal and CocoaMySQL.
>
> I've set up a group/user in LassoAdmin and given permission for everything
> relating to the demo database; it has the same name and password as in
> MySQL. I've set up a test inline, and confirmed Lasso is recognising the
> user by reading a file from disk. But when I try to use the same inline to
> select from the database I get "No permission".
>
> Any advice?
>
> Thanks
>
> Roddie Grant
>



Re: Passing username and password to MySQL

Greg Willits
On Jun 8, 2005, at 5:36 AM, Roddie Grant wrote:

> If I've understood the recent security discussions, I should set up specific
> privileges within each MySQL database. There should be SELECT_user with a
> password, INSERT_user with a different password, etc. That secures MySQL.
>
> To maximise the benefit of this, I need Lasso to use the specific usernames
> and passwords when executing SQL. So an [inline] which SELECTs should use
> the SELECT_user and corresponding password; an [inline] which INSERTs should
> use the INSERT_user and corresponding password. Correct?
>
> Lasso Professional 6 Setup Guide page 239 says that Lasso can do this -
> "Lasso also provides the ability to pass the username and password of the
> current authenticated user through to the database application." I can't get
> this to work. I always use -sql inlines.
>
> In a demo database I have set up a user with just SELECT privileges. This
> works as expected in Terminal and CocoaMySQL.
>
> I've set up a group/user in LassoAdmin and given permission for everything
> relating to the demo database; it has the same name and password as in
> MySQL. I've set up a test inline, and confirmed Lasso is recognising the
> user by reading a file from disk. But when I try to use the same inline to
> select from the database I get "No permission".

I haven't set this up like this in quite a while as the projects I'm
working on now are intranet stuff where pretty much everyone is there
to edit, but IIRC...

Check the connector settings. Does it have a default un & pw? Now click
list databases, and click the db in question -- does the detail panel
have Always Connect with Defaults set to yes? If so, then the query
will always use the connector default nm & pw. I think you have to set
that Always to No, and then it will use the inline nm & pw for each
query.

-- greg willits



Re: Passing username and password to MySQL

Roddie Grant
on 8/6/05 14:16, Greg Willits at [hidden email] wrote:

> On Jun 8, 2005, at 5:36 AM, Roddie Grant wrote:
>
>> If I've understood the recent security discussions, I should set up specific
>> privileges within each MySQL database. There should be SELECT_user with a
>> password, INSERT_user with a different password, etc. That secures MySQL.
>>
>> To maximise the benefit of this, I need Lasso to use the specific usernames
>> and passwords when executing SQL. So an [inline] which SELECTs should use
>> the SELECT_user and corresponding password; an [inline] which INSERTs should
>> use the INSERT_user and corresponding password. Correct?
>>
>> Lasso Professional 6 Setup Guide page 239 says that Lasso can do this -
>> "Lasso also provides the ability to pass the username and password of the
>> current authenticated user through to the database application." I can't get
>> this to work. I always use -sql inlines.
>>
>> In a demo database I have set up a user with just SELECT privileges. This
>> works as expected in Terminal and CocoaMySQL.
>>
>> I've set up a group/user in LassoAdmin and given permission for everything
>> relating to the demo database; it has the same name and password as in
>> MySQL. I've set up a test inline, and confirmed Lasso is recognising the
>> user by reading a file from disk. But when I try to use the same inline to
>> select from the database I get "No permission".
>
> I haven't set this up like this in quite a while as the projects I'm
> working on now are intranet stuff where pretty much everyone is there
> to edit, but IIRC...
>
> Check the connector settings. Does it have a default un & pw? Now click
> list databases, and click the db in question -- does the detail panel
> have Always Connect with Defaults set to yes? If so, then the query
> will always use the connector default nm & pw. I think you have to set
> that Always to No, and then it will use the inline nm & pw for each
> query.
>
> -- greg willits


I can't get Always Connect with Defaults to make any difference. I'm coming
to the conclusion that Host is the 'lowest' level where you can set un & pw,
in spite of what the Setup Guide says. That seems to be the implication of
the "Allow SQL is a dangerous thing" thread.

I've just created a new host, and set Always Connect with Defaults to No on
the demo database. Regardless, it's the Host default un and pw that are
used. If they have all privileges in MySQL, UPDATE will work, but if they
have SELECT only, I get (for example) "Update command denied to user: 'John
Smith@localhost' for table 'demo1'".

Does anyone have Lasso (6.0.6) set up to use specific MySQL privileges?

Regards

Roddie Grant
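
The per-operation MySQL accounts discussed in this thread, together with a check of which account a connection is really authenticated as, shown as an added example that is not part of the original posts. `SELECT_user`, `INSERT_user` and table `demo1` come from the thread; the database name `demo`, the `localhost` host part and the passwords are assumptions, and the syntax is that of current MySQL releases rather than a 2005-era server.

```sql
-- Run this first part as an administrative account.
-- Passwords are placeholders; the database name `demo` is an assumption.
CREATE USER 'SELECT_user'@'localhost' IDENTIFIED BY 'placeholder-select-password';
CREATE USER 'INSERT_user'@'localhost' IDENTIFIED BY 'placeholder-insert-password';

-- Each account gets exactly one privilege, scoped to one table.
GRANT SELECT ON demo.demo1 TO 'SELECT_user'@'localhost';
GRANT INSERT ON demo.demo1 TO 'INSERT_user'@'localhost';

-- Audit: which accounts hold table-level privileges in the demo database.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'demo'
ORDER BY grantee, privilege_type;

-- Audit: database-wide grants, which would apply on top of the
-- per-table grants above and widen what an account can do.
SELECT grantee, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = 'demo'
ORDER BY grantee, privilege_type;

-- Run the rest over the application's own connection.
-- USER() is the login the client supplied; CURRENT_USER() is the account
-- MySQL matched and is using for privilege checks.
SELECT USER() AS supplied_login, CURRENT_USER() AS matched_account;
SHOW GRANTS FOR CURRENT_USER();

-- Negative test that touches no rows: when the connection is authenticated
-- as SELECT_user, MySQL rejects this with a "command denied" error because
-- the account lacks the DELETE privilege.
DELETE FROM demo.demo1 WHERE 1 = 0;
```

If `matched_account` shows the host default account rather than `SELECT_user`, the per-operation grants are not constraining the application's queries.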







