Richard wrote:
> Suraj wrote:
>> However, this brings up another issue. Since each user's local copy of
>> your Rails app has write access to your central DB, you could lose all
>> your data on the central DB if a user runs
>>
>>   rake migrate VERSION=0
>>
>> It's kinda silly, but possible.
> 
> IMHO, not silly at all.  It says to me that when I port the application
> to client machines, I should arrange that Rake can only be run under an
> Administrator account.

Maybe that is too restrictive -- rake is used for other Ruby stuff as 
well. An alternative approach is to override the migrate task in the 
main Rakefile:

  task :migrate do
    exit # silently!
  end

This way, you can still use rake for other projects.

> Also,  I should make sure that any dangerous
> commands to the DBMS can only be run under the root ID.  That should at
> least plug up some of the security holes.

Precisely.

I don't know much details about DB permissions, but I'm sure there is a 
different set of permissions for DROP and CREATE tables. Those should 
not be given to users. Instead, users should only have INSERT, UPDATE, 
and DELETE permissions.

Other than that, making regular backups of your DB should cover any 
remaining troubles -- like a user deleting all rows/records from a DB 
table or inserting lots of spam into a DB table.

-- 
Posted via http://www.ruby-forum.com/.
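A caveat on the Rakefile override above, with an added Ruby example that is not part of the thread: Rake does not replace a task when its name is defined a second time; `task :migrate` appends another action to the existing `migrate` task, so the Rails migration action still runs before the `exit`. Clearing the task first with `Rake::Task[:migrate].clear` produces the guard the post intends. The script below simulates both variants against a throwaway Rake application; the `:migrate` stand-in task, the `log` array and the `run_migrate_override` helper are constructed for this example, and the guard records a marker instead of calling `exit` so the result can be inspected.

```ruby
require 'rake'

# Simulates the Rakefile override from the post against a throwaway Rake
# application. `log` records which actions actually ran when `migrate` was
# invoked, so the two strategies can be compared without touching a DB.
def run_migrate_override(clear_first:)
  log = []
  Rake.application = Rake::Application.new # fresh task table for each run

  # Stand-in for the `migrate` task Rails defines (constructed for this
  # example; the real task would run ActiveRecord migrations against the DB).
  Rake::Task.define_task(:migrate) { log << :rails_migrate_ran }

  # The fix: drop the original action before redefining the task.
  Rake::Task[:migrate].clear if clear_first

  # The guard from the post. A second `task :migrate` definition is *appended*
  # to the existing task, not substituted for it. It records a marker instead
  # of calling `exit` so the outcome can be returned and checked.
  Rake::Task.define_task(:migrate) { log << :guard_fired }

  Rake::Task[:migrate].invoke
  log
end

if __FILE__ == $PROGRAM_NAME
  p run_migrate_override(clear_first: false) # [:rails_migrate_ran, :guard_fired]
  p run_migrate_override(clear_first: true)  # [:guard_fired]
end
```

Without the `clear`, the migration action fires and the guard only runs afterwards; with it, only the guard runs. In a real Rakefile the `clear` must come after the line that loads the Rails tasks, otherwise there is nothing to clear yet and the later Rails definition appends to the guard instead.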