
Best approach for DB connections

What is the best approach for DB connections?

One connection with all privileges for all operations (CRUD)

Or

2 connections, one for DELETE and one for the others (CRU)

Or

A different connection for each operation.

Which is best for performance and security?

I personally would stick with one connection.

There's no security difference between having 1 connection with all of the privileges and having 2 connections. If an attacker is in a position to access the CRU credential, then they can just as easily access the other credential anyway.

To a large extent there's value in keeping it simple. The less you have to think about managing connections, the more headspace you've got for other things like secure coding, best practice, managing vulnerabilities etc.

If you're particularly concerned about mass deletes, you could use a stored routine (start here: http://dev.mysql.com/doc/refman/5.1/en/stored-routines.html ) that would delete a single row. Your PHP connection could then have CRU privileges (but not DELETE), plus permission to run this stored procedure. That would mean that an attacker would have to call this procedure multiple times to delete multiple records, and (if done properly) would be unable to effect a mass delete with a single SQL statement.
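The privilege layout this answer describes, written out as an added MySQL example (not code from the original post). It assumes a database `app`, a table `orders` with an integer primary key, and an application account `'app_rw'@'localhost'`; the password is a placeholder.

```sql
-- Added example: application account gets SELECT/INSERT/UPDATE plus EXECUTE on a
-- single-row delete routine, but no DELETE privilege on the table itself.
-- Assumed names: database `app`, table `orders`, user 'app_rw'@'localhost'.
CREATE DATABASE IF NOT EXISTS app;
USE app;

CREATE TABLE IF NOT EXISTS orders (
  id          INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
  customer_id INT UNSIGNED NOT NULL,
  status      VARCHAR(16)  NOT NULL
);

-- Run this as an administrative user that holds DELETE on app.orders.
-- SQL SECURITY DEFINER (the MySQL default) makes the routine execute with the
-- definer's privileges, so the caller never needs DELETE on the table.
-- Matching on the primary key with LIMIT 1 is what keeps one call == at most one row;
-- a WHERE clause built from a free-form parameter would defeat the purpose.
DELIMITER //
CREATE PROCEDURE delete_order(IN p_id INT UNSIGNED)
SQL SECURITY DEFINER
BEGIN
  DELETE FROM orders WHERE id = p_id LIMIT 1;
END //
DELIMITER ;

-- Application account: CRU on the table, EXECUTE on the routine, nothing else.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY '<placeholder-password>';
GRANT SELECT, INSERT, UPDATE ON app.orders TO 'app_rw'@'localhost';
GRANT EXECUTE ON PROCEDURE app.delete_order TO 'app_rw'@'localhost';

-- Check from a session opened as app_rw:
--   DELETE FROM orders WHERE id = 1;   -- rejected: DELETE command denied to user
--   CALL delete_order(1);              -- succeeds, removes at most one row
```

Verify the grants with `SHOW GRANTS FOR 'app_rw'@'localhost';` after applying them; the output should list no DELETE privilege.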

Common practice is to have a single connection (user) to the database with granted permissions for SELECT, INSERT, UPDATE, and DELETE.

If you want to have separate users with different permissions, then create one user with only SELECT and another with all CRUD. Then in the script select one of these connections and use it for executing all queries.

Opening multiple connections from one client is not a good idea because you will effectively halve the number of clients able to connect.

This applies only if you have only one database server; if you use read replicas, then having multiple connections to different databases (on different servers) is not a problem.
