Open loekvangool opened 1 year ago
Hey @loekvangool, I've opened a PR to add this feature. Can you test it and let me know if everything is good?
@elidrissidev Thanks for your quick work on this. It did seem like a good solution, but @Flyingmana 's is right about the trouble with emulation. The proposed solution with webserver variables is OK for me too, although not as elegant.
Description
While monitoring OpenMage with logging/APM/slowlog tooling, I'm finding it necessary to distinguish between admin and frontend database access. For example, I'm much more interested in front-end slow queries than admin slow queries. However it's not possible to separate these two traffic flows from the database server logs. Changing the database user uses seems to be an elegant solution.
Expected behavior
Maybe we should extend
core_read
andcore_write
withadmin_read
andadmin_write
? I'm not sure how feasible it would be, but I know thatcore_read
is optional and therefore there already is a fallback mechanism in OpenMage's PDO implementation.On top of this, it allows tighter database authorizations for the front-end database user, e.g. the front-end probably does not need
CREATE
,DROP
orTRUNCATE
authorizations, limiting the impact of a security breach.