Save As MySQL is crashing gnucash
Geert Janssens
janssens-geert at telenet.be
Sat Nov 27 04:17:30 EST 2010
On Friday 26 November 2010, Robert Heller wrote:
> At Fri, 26 Nov 2010 11:51:18 -0800 (PST) Phil Longstaff
<plongstaff at rogers.com> wrote:
> > That's not quite OK. If a new version of gnucash is released which
> > requires a changed db schema, gnucash will try to automatically add new
> > columns and constraints. This might mean we will need to package schema
> > upgrades as a separate utility to be run by the dba.
>
> There is no reason to disallow a *user* from adding/dropping tables or
> altering tables (adding/removing columns, etc.). Allowing mere *users*
> the privs to add/drop *databases* is the security issue. The gnucash
> application should not be creating the database itself, only tables, etc.
>
As said before, this all depends on the context.
I have only two things to add regarding creation and dropping rights:
1. MySql's privilege system is very fine grained. It can be configured
perfectly fine to have a certain user only master a limited set of databases
- including creation and deletion of those databases - while the same user
doesn't have any privileges on other databases. That leaves a nice
middleground for some use cases.
2. Environments with strict security policies still need an administrator
account for their database server, only known to a limited set of
administrators. I think that in such environments, it will indeed be an
administrator that initially sets up the database and other users access it
via less privileged accounts. As John already suggested, in such environments
an administrator should run GnuCash and open the db once after each gnucash
update. I believe it would be sufficient to document this clearly.
Geert
More information about the gnucash-devel
mailing list