Reputation: 62464
MySQL Log Administration - Protection against developers
I'm working on logs for a customer service application. Another guy who is not a very experienced developer is working on other things, but we're both in the same database. He has some friends that work in Customer Service. I don't think he'd delete logs, but I want to be sure that if logs were deleted, we'd know about it.
Is it possible to get an email if a row is deleted, can I make a backup of that row in another database somewhere of the "deleted" data if it was deleted...... what are my options?
Or better yet.... what do you do?
Update
Part of the issue here is that there is no "programming" or "development" manager. The company has 25 employees - 2 of which are developers and we answer to the office manager who knows nothing about development.
Upvotes: 0
Views: 151
Answers (5)
Reputation: 22350
Make backups in another table with ENGINE=ARCHIVE? You need the privileges to run DDL statements in order to remove data from an ARCHIVE table.
Upvotes: 0
Reputation: 2462
For starters, don't allow developers access to the production environment. (Nobody should have direct access to the production environment except your highly trusted system administrator.)
Next, do all data changes via stored procs with a special account, and don't allow interactive access to the tables.
Finally, as part of the software, add an audit trail so you can see who did the deletion.
Upvotes: 1
Reputation: 19356
That's one reason why developers should not have access to production data. There are many more, privacy comes to mind, but to me the most important is still that you do not want anyone, no matter how trusted, able to "mess" with live data in any way.
So make sure developers work against a separate database, and ensure that the live production database does not have any users with priviliges they shouldn't have.
Upvotes: 0
Reputation: 29482
Or better yet.... what do you do?
Create second database user for him and do not grant DELETE privileges for log table?
Upvotes: 1
Reputation: 449783
I think hourly backups, and if necessary comparing the row counts, are the easiest and most reliable thing to do.
Upvotes: 0
Related Questions
- Protecting SQL Server for Private Usage
- how to prevent anyone from dropping, deleting, and changing the contents of a log table in mysql
- Is it safe to grant developers access to tables publicly with PHP?
- Development database credentials best practices?
- Securely deploy an application with mySQL login data
- Storing critical data into MySQL Database
- Comfortable watching on logs of MySQL
- Good security in MySQL web application: Root? Not Root?
- How to improve security of mysql database
- Keep database information secure