i wanted to know if there is a way to restrict the php queries i would have from another site to 'server' here. in terms of preventing certain commands. explicitly the delete of any form commands. ie:
EXPLICIT PERMS:
{SQL STATEMENTS}
FULL ACCESS:
connect - ALLOW
select - ALLOW
update - ALLOW
insert - ALLOW
RESTRICTED ACCESS:
*modify DB - DENY except table info in terms of content.
*modify (table) - DENY except rows and column information update or add new row.
DENY:
create table- DENY
delete table -DENY
*delete - DENY
*create DB - DENY
*delete DB - DENY
all other commands - DENY
however. i would like if possible an admin level login, user to connect and perform maintence ops.
it would be a sql script running on the same server with a different user/pass.
these perms would be
FULL ALLOW;
since it would be checking for duplicate entries and merging. and back end DB ADMINS would be able to modify content.
NO person will have access to the x10 admin portal account. so admin will have to be through a connected server.
the final purpose of the above to add a layer of security against sql injection, malicious users, and other 'bad things' from the server side (this server) above and beyond the remote server security measures.
EXPLICIT PERMS:
{SQL STATEMENTS}
FULL ACCESS:
connect - ALLOW
select - ALLOW
update - ALLOW
insert - ALLOW
RESTRICTED ACCESS:
*modify DB - DENY except table info in terms of content.
*modify (table) - DENY except rows and column information update or add new row.
DENY:
create table- DENY
delete table -DENY
*delete - DENY
*create DB - DENY
*delete DB - DENY
all other commands - DENY
however. i would like if possible an admin level login, user to connect and perform maintence ops.
it would be a sql script running on the same server with a different user/pass.
these perms would be
FULL ALLOW;
since it would be checking for duplicate entries and merging. and back end DB ADMINS would be able to modify content.
NO person will have access to the x10 admin portal account. so admin will have to be through a connected server.
the final purpose of the above to add a layer of security against sql injection, malicious users, and other 'bad things' from the server side (this server) above and beyond the remote server security measures.
