Sun Feb 20 18:20:38 UTC 2011
allow users.ID, deny everything else.
However, also from memory, you need priv_select for columns used in WHERE,
and that applies to any usage of WHERE, so you'd probably have to allow
selecting the email column which might not fit what you're trying to
It may have also changed in later versions as what I'm thinking of it old
Perhaps you'd be better off offering a web-based API which applies the
security rules you need?
I would like to mention that this is a bit off topic for wp-hackers however,
and would probably be better suited to a mysql-centered list, whilst I'm
sure we've got some decent minds who will know this stuff like the back of
their hand.. It doesn't change the fact that isn't the best place for it.
On 30 March 2011 11:47, Robert Lusby <nanogwp at gmail.com> wrote:
> Bit of topic sorry, but maybe you can help:
> Does anyone know how to count the number of rows that would be returned in
> query, without giving the MySQL user SELECT privs?
> Need to determine if a set email address is already in a database - if not,
> add the address.
> I have the security improved in that, currently, the MySQL user for this
> application can only INSERT .. so worse-case sceniro, is a hacker can add
> extra user data, but not view or remove any.
> Now I need to count number of rows returned, but without any data actually
> being returned.
> Is there a command, or permission level I can use to do this? Any ideas?
> Thanks in advance.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers