[英]Controlling access to data in MySQL, using Node, Express, Knex and Bookshelf
I am very new to database design and structuring - I have had no formal training and am purely self taught so I apologize in advance if this is a bland question. 我对数据库设计和结构还很陌生-我没有经过正式的培训,而且完全是自学成才,因此如果这是一个平淡的问题,我会提前道歉。
I am designing a web app and am thinking to the future as users will have to be able to interact with each other sharing part of their data. 我正在设计一个Web应用程序,并在考虑未来,因为用户将必须能够彼此交互,共享其部分数据。 I am wondering if there is a standard convention to controlling access to tables in MySQL and how I should generally tackle this problem with code written in NodeJS, ExpressJS, KnexJS, and BookshelfJS.
我想知道是否存在用于控制对MySQL中的表的访问的标准约定,以及我通常应如何用NodeJS,ExpressJS,KnexJS和BookshelfJS编写的代码解决此问题。
For example: a user will be matched with another user, both users will be able to see location, favourite book, etc but not able to see last name, birth date. 例如:一个用户将与另一个用户匹配,两个用户都将能够看到位置,喜欢的书等,但看不到姓氏,出生日期。 etc.
等等
How do I control this? 我该如何控制?
If anyone could point me to a few resources they have found helpful that would be great as well. 如果有人可以指出一些资源,他们也会有所帮助。
You seem to have learned a bit of MySQL and its access control features. 您似乎已经学到了一些MySQL及其访问控制功能。 Well, database user level access control IS NOT used by modern applications -- that could make resource management, like connection pools, very hard to implement.
嗯,现代应用程序不使用数据库用户级别的访问控制,这会使连接池之类的资源管理非常难以实现。 Usually SQL databases backing web applications have a single or, at most, two users: one for general data access and one for admin purposes.
通常,支持Web应用程序的SQL数据库有一个或最多两个用户:一个用于常规数据访问,一个用于管理。
The kind of access control you mentioned MUST be handled by your application code, YOUR code. 您提到的那种访问控制必须由您的应用程序代码(您的代码)来处理。 There are libraries that help take care of authentication (eg passport ) and authorization but ultimately it is YOUR CODE responsibility.
有一些库可以帮助您进行身份验证(例如Passport )和授权,但最终由您的代码负责。
So my answer to your " How do I control this? " question is: 因此,对于您的“ 我如何控制此问题? ”的回答是:
With YOUR code.
使用您的代码。
This is the whole point of Software Development. 这是软件开发的重点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.