Examples of good practice, or not...

It's always an issue, when publishing tutorials, as to how much care you take about "good practice" peripheral to the main tutorial subject. What's appropriate when knocking up a quick demo to illustrate the capabilities of a new technology isn't appropriate when the new technology might end up in a business production …

COMMENTS

This topic is closed for new posts.
  1. Thomas Hansen

    Sorta agree

    I think the important point is to preface examples with the right sort of disclaimer like 'this is not the proper way to do it, but I'll do for now' and that sort of thing.

    I've set up a few PHP projects where, when I got to the "here's how you set up the database" part, I've thought "oh, no, that's not how I'm going to do it".

    When a writer points out that he knows that it's not the 'correct' way to do something that I know something about, it makes me more confident that he'd do the same for the stuff I don't know about.

  2. David Norfolk

    Thanks

    It's always a bit of a judgement call. When I did tutorials for PC Plus (oh happy days :( ), I'd spell things out in words of one syllable and this kept things pretty slow and basic. On Reg Dev, my assumption is that our readers have a fair chance of being more experienced than I am and can look after themselves. But they might be the same readers, in fact.

    But, people have to learn to recognise the context in which they find Web information.... Which is why we should bring back Librarians - but that's another story...

  3. Tony Dunt

    A potentially good tutorial that lacks focus

    Thomas Hansen posted: "When a writer points out that he knows that it's not the 'correct' way to do something that I know something about, it makes me more confident that he'd do the same for the stuff I don't know about."

    I must disagree with the above comment by Thomas and the practice of what to include in a tutorial.

    The AJAX tutorial was about AJAX, not MySQL. It WAS about handling form data, which does not necessarily mean that it WILL be stored in a database. The Subject of the tutorial was not only a good idea, but also a valid and extremely simple and effective way to use AJAX.

    In my opinion, this tutorial would have been better written, focused entirely on the AJAX principles. Handling the form data after it is submitted is a different issue which could be dealt with in a separate tutorial. Those reading the article will be reading it because of their interest in AJAX. Delving into setting up servers, downloading clients or using MySQL is simply a distraction from the intended topic.

  4. David Norfolk

    Adding a MYSQL user - correction

    Deepak has asked me to post this here (I'll modify the article too):

    The Creating a MySQL user section should be modified to:

    We now need to create a MySQL database user. To do this we log in to the MySQL database using the following command:

    mysql --user=root mysql

    A new user may be added to the user table with a GRANT statement as shown below (as an example, we’re creating a user 'mysql' with password 'mysql'):

    GRANT ALL PRIVILEGES ON test TO 'mysql'@'localhost'
    IDENTIFIED BY 'mysql' WITH GRANT OPTION;

  5. Deepak Vohra

    Creating a MySQL User

    Also, you should never routinely give users the grant privilege, since this is a gaping security hole, especially in a web application. In most situations, only the MySQL root user needs to have grant privileges.

    The MySQL documentation has examples of creating a user other than root which includes granting the Grant option to user.

    http://dev.mysql.com/doc/refman/5.0/en/adding-users.html

    If GRANT option is not required the GRANT statement to create a MySQL user would be:

    GRANT ALL PRIVILEGES ON test TO 'mysql'@'localhost'
    IDENTIFIED BY 'mysql';

  6. Deepak Vohra

    Thanks to David

    Thanks to David for comments about creating a MySQL user. I quoted some of his comments in a blog post (Creating a MySQL User). As the blog does not have provision to add HTML markup, David's comments are not italicized.

  7. Deepak Vohra

    Creating a MySQL User-Repost

    "Also, you should never routinely give users the grant privilege, since this is a gaping security hole, especially in a web application. In most situations, only the MySQL root user needs to have grant privileges."-David

    The MySQL documentation has examples of creating a user other than root which includes granting the Grant option to user.

    http://dev.mysql.com/doc/refman/5.0/en/adding-users.html

    If GRANT option is not required the GRANT statement to create a MySQL user would be:

    GRANT ALL PRIVILEGES ON test TO 'mysql'@'localhost'
    IDENTIFIED BY 'mysql';

  8. Void Main

    To nitpick and get farther off topic but everyone here is wrong so far...

    Just kidding about the everyone being wrong part but I "cringe" (as the other commenter put it) when I see people "GRANT ALL" to database web accounts that should really be restricted to bare minimum required access. It's much like when I see people tell other people to "chmod -R 777 /var/www/html" their web directories, or set ownership to the owner of the web server process. These people will surely get 03n3d by k1dd13 h4x0rs sooner or later. So, if the web user will only need SELECT and INSERT on MYTABLE in MYDATABASE then only grant them SELECT and INSERT on MYTABLE in MYDATABASE. I don't think there is anything wrong with using proper/secure examples if you are going to use examples at all.

    GRANT SELECT,INSERT on mydatabase.mytable TO 'mywebuser'@'localhost' IDENTIFIED BY 'mypassword';

    Web accounts typically will also need DELETE and UPDATE privileges but they usually don't need to create or delete tables for instance. Just give the account what it needs. Applying any security measures you can wherever you can might save you some embarrassment down the road (and if you are lucky, only embarrassment).
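
Added example, not part of any commenter's post: one way to check an existing server for the two problems raised in this thread (blanket GRANT ALL and WITH GRANT OPTION) is to audit the lines returned by MySQL's SHOW GRANTS statement. The allow-list, function names and sample lines are assumptions constructed for illustration.

```python
import re
# Allow-list for the web account (assumption: SELECT and INSERT only, as in the
# comment above; add UPDATE/DELETE if the application really needs them).
ALLOWED = {"SELECT", "INSERT"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>'[^']*'@'[^']*')(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line, allowed=ALLOWED):
    """Return (account, findings) for one line of SHOW GRANTS output."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return None, ["unparsed line: " + line.strip()]
    # Drop column lists such as "SELECT (col)" before splitting on commas.
    privs = {p.strip().upper() for p in re.sub(r"\([^)]*\)", "", m["privs"]).split(",")}
    scope = m["scope"].replace("`", "")
    findings = []
    if privs & {"ALL", "ALL PRIVILEGES"}:
        findings.append("ALL PRIVILEGES granted")
    elif privs != {"USAGE"}:  # USAGE alone means "no privileges"
        extra = sorted(privs - allowed)
        if extra:
            findings.append("beyond allow-list: " + ", ".join(extra))
    if privs != {"USAGE"} and scope.endswith("*"):
        findings.append("scope wider than one table: " + scope)
    if re.search(r"WITH\s+GRANT\s+OPTION", m["rest"], re.IGNORECASE):
        findings.append("WITH GRANT OPTION")
    return m["account"], findings

def audit(lines, allowed=ALLOWED):
    """Collect findings per account; accounts with none are left out."""
    report = {}
    for line in lines:
        account, findings = audit_grant(line, allowed)
        if findings:
            report.setdefault(account, []).extend(findings)
    return report

# Constructed sample input, not captured from a real server.
SAMPLE = [
    "GRANT USAGE ON *.* TO 'mysql'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED'",
    "GRANT ALL PRIVILEGES ON `test`.* TO 'mysql'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT ON `mydatabase`.`mytable` TO 'mywebuser'@'localhost'",
]
print(audit(SAMPLE))
```

Only the over-privileged 'mysql'@'localhost' account is reported; the table-scoped SELECT, INSERT account passes.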
