• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hibernate database user privileges

 
Daniel Bryant
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I'm using Hibernate in my application which is about to go into production. Can anyone provide any guidance as to the recommended privileges the user that Hibernate connects to the database should have?

At the moment we are using this script on our mysql database:



Could granting all privileges pose any unforeseen security risks, and would Hibernate work correctly with less privileges?

Many thanks,

Daniel
 
Shailesh Kini
Ranch Hand
Posts: 153
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Daniel,

In any system, I recommended granting selective privileges to a database user used by your application.

For example if your application just displays data from the database (reporting system), you might consider giving only select access to the database user. Also you could make your connections read-only.

Many companies prefer not to delete and remove data in production environments. Instead, they flag the row to be be deleted as inactive. Granting delete access to the user in this case could result in accidental deletion of records.

I also recommend you create another database user for your application who is not the schema owner.

In my opinion grant only selective privileges to a database user.

This is just my opinion, others may have something better to share.
 
Daniel Bryant
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Shailesh,

Many thanks for your comments - I'll definitely keep them in mind (and you make a really good point about the deletion column, which I had completely forgotten in my current implementation!!)

I was also wondering what the impacts are of altering privileges for the Hibernate framework, but I may have to ask that on a more specialized forum.

Thanks again,

Daniel
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic