[Snort-users] Acid / MySQL question

Sean Wheeler S.Wheeler at ...2876...
Fri Nov 9 00:48:02 EST 2001


Another option :

Scenario : Multiple Sensors managed by different IT depts using a central
MySQL Server.

On the MySQL server, create a DB for each group of sensors within each dept.
Create a user account for each DB.
Setup sensors accordingly
Webserver uses virutal hosts..i.e 1 per dept and setup accordingly

Result : Each Dept now only has access to their Database

regards

Sean

----- Original Message -----
From: "Thomas Whipp" <tkw at ...1885...>
To: <lance at ...2024...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, November 08, 2001 6:27 PM
Subject: RE: [Snort-users] Acid / MySQL question


> To be honest I'm not convinced of the benfifit of multiple
> user accounts for MySQL - you can't do row level permissions
> so you don't really gain anything.  Perhaps if you where
> doing stuff with oracle then it would make sense.
>
> If you wanted to be really paranoid you could tie the
> permissions down even more - perhaps limiting select to only
> those tables/columns that are really necissary.
>
> However, if you dont want to have to redo the permissions
> list every time a database code change accesses another
> column then provided that you restict operations to select
> and insert then its not possible to delete or overwrite data
> and thats probably good enough.
>
> All privs is bad as it includes the right to drop tables and
> may include process level privs (i.e. the ability to
> remotely shut down the MySQL instance).
>
>
> Tom
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list