[Koha-devel] SQL reports [error]

Fischer, Katrin Katrin.Fischer at bsz-bw.de
Mon Apr 30 17:44:41 CEST 2012


Hi Paul,

I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me.

Katrin

From: koha-devel-bounces at lists.koha-community.org [mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of Jared Camins-Esakov
Sent: Monday, April 30, 2012 5:21 PM
To: Paul Poulain
Cc: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] SQL reports [error]

Paul,

On Mon, Apr 30, 2012 at 11:17 AM, Paul Poulain <paul.poulain at biblibre.com> wrote:

Question to all = could it be a good idea to let superlibrarians execute
dangerous SQLs like the one forbidden by the test?
Otherwise asked: could we add an
unless permission eq 'superlibrarian'
condition?

(i.e. "with great power comes great responsibility" - at spiderman uncle -)

We were actually just discussing that on #koha a few days ago. I argued that only the database user (i.e. user 0) should be allowed to do it. If you have the direct login, there's nothing you can't do with the system just by logging into the database.

Regards,

Jared

-- 
Jared Camins-Esakov
Bibliographer, C & P Bibliography Services, LLC
(phone) +1 (917) 727-3445
(e-mail) jcamins at cpbibliography.com
(web) http://www.cpbibliography.com/