Best approach for DB connections

Updated: 2024-10-19 04:31:52

What is the best approach for DB connections?

One connection with all privileges for all operations (CRUD)

Or

2 connections, one for DELETE and one for others (CRU)

Or

Different connection for each operation.

Which is best for performance and security?

Best answer

I personally would stick with one connection.

There's no security difference between having 1 connection with all of the privileges and having 2 connections. If an attacker is in a position to access the CRU credential, then they can just as easily access the other credential anyway.

To a large extent there's value in keeping it simple. The less you have to think about managing connections, then the more headspace you've got for other things like secure coding, best practice, managing vulnerabilities etc.

If you're particularly concerned about mass deletes, you could use a stored routine (start here: http://dev.mysql.com/doc/refman/5.1/en/stored-routines.html) that would delete a single row. Your PHP connection could then have CRU privileges (but not delete), plus permission to run this stored procedure. That would mean that an attacker would have to call this procedure multiple times to delete multiple records, and (if done properly) would be unable to effect a mass delete with a single SQL statement.
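
The setup described in the last paragraph, written out for MySQL as an added example that is not part of the original answer. The names `appdb`, `orders`, `app_rw` and `delete_order`, and the password, are placeholders chosen for illustration.

```sql
-- Constructed example: appdb, orders, app_rw and delete_order are hypothetical names.
-- Run as an administrative account that itself holds DELETE on the table.
CREATE DATABASE IF NOT EXISTS appdb;
USE appdb;

CREATE TABLE IF NOT EXISTS orders (
    id       INT UNSIGNED  NOT NULL AUTO_INCREMENT PRIMARY KEY,
    customer VARCHAR(100)  NOT NULL,
    total    DECIMAL(10,2) NOT NULL
);

-- DELIMITER is a mysql client command, needed so the routine body can contain ';'.
DELIMITER //
CREATE PROCEDURE delete_order(IN p_id INT UNSIGNED)
    SQL SECURITY DEFINER      -- runs with the creator's privileges, not the caller's
    MODIFIES SQL DATA
BEGIN
    -- Equality on the primary key with a typed parameter: at most one row per call.
    -- No dynamic SQL (PREPARE/EXECUTE), so the argument cannot widen the WHERE clause.
    DELETE FROM orders WHERE id = p_id;
END//
DELIMITER ;

-- Application account: create, read, update, but no table-level DELETE.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'replace-with-a-real-secret';
GRANT SELECT, INSERT, UPDATE ON appdb.orders TO 'app_rw'@'localhost';

-- The only delete path open to the application is the single-row routine.
GRANT EXECUTE ON PROCEDURE appdb.delete_order TO 'app_rw'@'localhost';

-- Check what the account ended up with.
SHOW GRANTS FOR 'app_rw'@'localhost';

-- Connected as app_rw:
--   CALL appdb.delete_order(42);   -- allowed, removes at most one row
--   DELETE FROM appdb.orders;      -- rejected: DELETE command denied to user 'app_rw'
```

The account that creates the procedure must keep its DELETE privilege on the table, because the routine executes with the definer's rights.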

Published: 2023-07-22 09:54:00