[Digikam-devel] [digikam] [Bug 355831] MySQL Schema Improvements

[Richard Mortimer via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=355831

--- Comment #14 from Richard Mortimer <richm+kde at oldelvet.org.uk> ---
CreateFaceTriggers is commented because it is still a TODO change to replace it
with references. I just commented it to stop any chance of an error with the
reduced privileges whilst testing. I will replace this when I produce another
version of that patch.

=> You create database at end. Why ?

It will work at the start or end. It is just habit that I create the database
after setting up permissions.

=> you grant usage to dedicated user. Why ?

The usage line sets up the password for the dedicated user. The password is not
tied to a specific database so it is clearer to set that up separately from
giving access to a database. Note that "USAGE" infers no privileges to a user
it just provides a convenient way to change user account settings.
See http://dev.mysql.com/doc/refman/5.5/en/privileges-provided.html#priv_usage

=> you grant privilege to this dedicated user too. Why ?

The second grant gives access to the specific database for that user. That is
done at database level so it give all database level privileges (create
database, table etc.) without giving database server administration level
privileges.

=> you do not flush privilege. Why ?

I do not think that flush is needed if you use the GRANT statement method to
setup privileges. But it does not hurt to include it.
See http://dev.mysql.com/doc/refman/5.5/en/privilege-changes.html

Use of a dedicated user and not root is for security reasons. The root user
tends to have full database administration privileges and that is not a good
thing to encourage.

If you want to give multiple users access to the same database just issue the
same grant commands for the additional users. You could also use a more tightly
controlled set of privileges for these different users.

-- 
You are receiving this mail because:
You are the assignee for the bug.