[Koha-devel] SQL reports [error]

Chris Nighswonger cnighswonger at foundations.edu
Mon Apr 30 19:03:07 CEST 2012


On Mon, Apr 30, 2012 at 12:51 PM, Paul <paul.a at aandc.org> wrote:

> At 05:44 PM 4/30/2012 +0200, Fischer, Katrin wrote:
>
>> I really don’t like the idea. I think if you want someone to make
>> changes to the database, you should give them a proper tool and training to
>> do that (outside of Koha).
>>
>
> Respectfully, we might be talking apples and oranges.  *All* staff and
> many users "make changes to the database" - not fundamental structural
> changes, but add, modify and delete data records.  And it was the latter
> point that I raised earlier today.
>
>
True, except *all* staff and many users do not have the capability to
arbitrarily or otherwise create SQL which modifies and makes changes to the
database.


> You are of course correct that the various options allowed by UPDATE,
> DELETE, DROP, INSERT, and CREATE *can* modify/damage the structure of your
> database; but they can also be incredibly useful (see my earlier email that
> uses UPDATE.)
>

<snip>


> The chances of a major catastrophe are much greater if I try and train our
> cataloguers in the intricacies of MySQL and allow them access to the server
> room, than if I develop a secure script and make it available on the staff
> interface -- and that was the only reason I raised it on this list and will
> implement it on our Koha server. YMMV.
>

What you are asking to be placed into the main repo is contradictory to
security best practices. I would humbly suggest that you do just what you
have done/propose to do: modify your local installation to meet your local
requirements and security tolerance levels. However, let's leave the
main-line code in stricter compliance with the security norms of the larger
community.

Having said that, you might consider coding up a custom "tool" and placing it
in Koha's tools page which does what you want. Then you could follow Koha's
typical practices for such db interaction, including adding the proper
granular perms to control user access.

Kind Regards,
Chris