SOURCE Boston 2012 is next week and I’ll be up there Tuesday and Wednesday. I’ll be presenting “What Permissions Does Your Database User REALLY Need” from 2:00pm – 2:50pm on Tuesday April 17th. The abstract for the talk is:
Attaching web applications to databases as “sa” or “root” might be easy but it is also a horrible idea. This presentation provides a methodology as well as tools to create fine-grained database user permissions based on application-specific requirements. The negative impact of permissive database user account permissions is demonstrated alongside the potential benefits of constrained database user access. Tools for the automated creation of security-role-specific MySQL user permission policies will be demonstrated and these will be used as a model for making “least privilege” database accounts a standard practice in web application deployment.
I’ll be introducing a tool called “sqlpermcalc” during the talk that takes a set of SQL queries run through a MySQL database and uses them to create a “least privilege” set of permissions that would be required to run those queries. You can get a preview of the sqlpermcalc code at the GitHub site here.
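To make the idea concrete, here is an added sketch (not sqlpermcalc's code and not from the talk) that derives table-level MySQL GRANT statements from a list of observed queries. It assumes simple single-table writes and FROM/JOIN reads; the sample queries, the `shop` database and the `webapp` account are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of application queries (illustrative, not from the talk).
SAMPLE_QUERIES = [
    "SELECT id, name FROM products WHERE price < 10",
    "SELECT o.id FROM orders o JOIN customers c ON o.cust_id = c.id",
    "INSERT INTO orders (cust_id, total) VALUES (7, 19.99)",
    "UPDATE customers SET email = 'moved from old host' WHERE id = 7",
    "DELETE FROM cart_items WHERE session_id = 'abc'",
    "DELETE FROM audit_tmp",
]

TABLE = r"`?(\w+)`?"
READ_RE = re.compile(r"\b(?:FROM|JOIN)\s+" + TABLE, re.I)
WRITE_RE = re.compile(r"^\s*(INSERT\s+INTO|UPDATE|DELETE\s+FROM)\s+" + TABLE, re.I)

def required_privileges(queries):
    """Return {table: set of MySQL privileges} needed to run every query."""
    privs = defaultdict(set)
    for raw in queries:
        q = re.sub(r"'[^']*'", "''", raw)       # blank out string literals
        reads = set(READ_RE.findall(q))
        write = WRITE_RE.match(q)
        if write:
            verb, target = write.group(1).split()[0].upper(), write.group(2)
            privs[target].add(verb)
            if verb == "DELETE":
                reads.discard(target)           # "DELETE FROM t" alone is not a read
            # MySQL also requires SELECT on columns read by a WHERE clause.
            if verb in ("UPDATE", "DELETE") and re.search(r"\bWHERE\b", q, re.I):
                reads.add(target)
        elif not re.match(r"\s*SELECT\b", q, re.I):
            raise ValueError("unsupported statement: " + raw)
        for table in reads:
            privs[table].add("SELECT")
    return dict(privs)

def grant_statements(privs, db="shop", account="'webapp'@'localhost'"):
    """Render table-level GRANTs; db and account are hypothetical names."""
    return [
        "GRANT {} ON `{}`.`{}` TO {};".format(", ".join(sorted(p)), db, t, account)
        for t, p in sorted(privs.items())
    ]

if __name__ == "__main__":
    print("\n".join(grant_statements(required_privileges(SAMPLE_QUERIES))))
```

Statements the sketch does not recognize (DDL, for example) raise an error rather than being silently skipped, so the generated policy never covers less than the observed workload claims.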
Contact us if you would like to meet up at SOURCE Boston 2012.
dan _at_ denimgroup.com