ruby on rails - Multiple Database Users per function -

-

we exploring how sql inject risks can limited allowing key functions perform duties within our rails application. security officier, not full time rails person.

the way see it, writing database should occur when account created (registration) or account modified (user profile update). simplification purposes, let's assume no other updates happen within application users.

if not block sql injection attack on read request, protected better 2 separate calls.

can rails support following configuration? -

  • one database connection "read" requests
  • one database connection (same exact database) "write" requests

if so, how in database file , code requests?

i thought might post out.

class user < activerecord::base   self.abstract_class = true    ...  end

cur = create update read

r = read only

class usercur < user    establish_connection "user_cur_database_#{rails.env}" end  class userr < user    establish_connection "user_r_database_#{rails.env}" end

database.yml

user_cur_database_production:   adapter: w.e.sql   host: yourhost   username: user_cur   password: ********   database: yourdb  user_r_database_production:   adapter: w.e.sql   host: yourhost   username: user_r   password: ********   database: yourdb

where users have different access permissions

you same thing on rails app instead of in db, know isn't looking can provide more help.

is there easy way make rails activerecord model read-only?


Comments

Post a Comment

Popular posts from this blog

android - getbluetoothservice() called with no bluetoothmanagercallback -

-
i getting getbluetoothservice() called no bluetoothmanagercallback error in android application. i have no idea causing or bluetooth manager callbacks. can give me idea of causing problem or start looking. by reading android source code, seems warning cannot about. source code shows if call bluetoothsocket#connect(); then call bluetoothadapter.getdefaultadapter().getbluetoothservice(null); the key here, null parameter passes in above line. due this, there no callback, , bluetoothsocket class throw out warning. since warning, not think need it. https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothsocket.java line 306 https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothadapter.java line 1610
Read more

sql - ASP.NET SqlDataSource, like on SelectCommand -

-
i'm working on asp.net. have sqldatasource query hardcoded on selectcommand: <asp:sqldatasource id="datasource1" runat="server" cancelselectonnullparameter="false" connectionstring="<%$ connectionstrings:s.properties.settings.connectionstring %>" selectcommand="select * [table] ([col1] case @col1_param when null col1 else @col1_param end) , ([col2] case @col2_param when null col2 else @col2_param end)" selectcommandtype="text"> <selectparameters> <asp:controlparameter controlid="textbox1" name="col1_param" propertyname="text" type="string" /> <asp:controlparameter controlid="textbox2" name="col2_param" propertyname="text" type="string" /> </selectparameters> what want if enter data on 1 textbox only, data display according textbox
Read more

ios - Undefined symbols for architecture armv7: "_OBJC_CLASS_$_SSZipArchive" -

-
i try using extractzipfile plugin @ this: https://github.com/phonegap/phonegap-plugins/tree/master/ios/extractzipfile but when compiler xcode 4.6.1 in sdk 6.1 throws error: undefined symbols architecture i386: "_objc_class_$_ssziparchive", referenced from: objc-class-ref in extractzipfileplugin.o ld: symbol(s) not found architecture i386 clang: error: linker command failed exit code 1 (use -v see invocation) i try issue @ here: undefined symbols architecture armv7 ssziparchive but shows error: /users/alienware/desktop/extractzipfile/ssziparchive/tests/ssziparchivetests.m:10:9: 'sentestingkit/sentestingkit.h' file not found i work phonegap , make app in ios, dump. update : try add ssziparchive.m compiler source , come new error: undefined symbols architecture i386: "_unzclose", referenced from: +[ssziparchive unzipfileatpath:todestination:overwrite:password:error:delegate:] in ssziparchive.o "_unzclosecurrentfil
Read more