Hacker News new | ask | show | jobs
by petriw 4855 days ago
Just remember to always verify it's still read only.

Or a coworker will find the login in your scripts, repurpose it, then notice they need more rights and "fix" the account for you.
3 comments
MBCook 4855 days ago
Plus read-only isn't a guarantee. You can't write data, but you can run a bad select or join that ends up effectively locking the database.

SELECT * FROM my_200_GB_table will always be there.

link
michaelt 4853 days ago
Why should a select or join lock a database? Surely no database lets one query starve another of IO or CPU?
link
mst 4855 days ago
I like to suffix such account names with _readonly.
link
arethuza 4855 days ago
"find the login in your scripts"

It's actually quite nice using a database server that doesn't require explicit credentials to be used.

link