[wp-hackers] Number of rows without returning data - MySQL

Dion Hulse (dd32) wordpress at dd32.id.au
Wed Mar 30 01:04:14 UTC 2011 

Sorry, Somehow skipped the initial offtopic warning.. :)
Second thought might be to look into stored procedures, It appears that you
can have execute privs without select privs and rely on the SP to run the
select

On 30 March 2011 11:56, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> depends on what data you're trying to hide.
> From memory priv_select can allow access to specific columns in tables, so
> allow users.ID, deny everything else.
> However, also from memory, you need priv_select for columns used in WHERE,
> and that applies to any usage of WHERE, so you'd probably have to allow
> selecting the email column which might not fit what you're trying to
> achieve.
> It may have also changed in later versions as what I'm thinking of it old
> info.
>
> Perhaps you'd be better off offering a web-based API which applies the
> security rules you need?
>
> I would like to mention that this is a bit off topic for wp-hackers
> however, and would probably be better suited to a mysql-centered list,
> whilst I'm sure we've got some decent minds who will know this stuff like
> the back of their hand.. It doesn't change the fact that isn't the best
> place for it.
>
> On 30 March 2011 11:47, Robert Lusby <nanogwp at gmail.com> wrote:
>
>> Bit of topic sorry, but maybe you can help:
>>
>> Does anyone know how to count the number of rows that would be returned in
>> a
>> query, without giving the MySQL user SELECT privs?
>>
>> Need to determine if a set email address is already in a database - if
>> not,
>> add the address.
>>
>> I have the security improved in that, currently, the MySQL user for this
>> application can only INSERT .. so worse-case sceniro, is a hacker can add
>> extra user data, but not view or remove any.
>>
>> Now I need to count number of rows returned, but without any data actually
>> being returned.
>>
>> Is there a command, or permission level I can use to do this? Any ideas?
>>
>> Thanks in advance.
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>

More information about the wp-hackers mailing list