We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

keyless indexless tables | Forum

Topic location: Forum home » Support » General Questions
dave Leader
dave Jul 12 '14
I noticed something the other day in my billing software i use.  They are using some primary keyless and indexless tables in their db to help secure it. Meaning such as a config table, there is no primary key, no index.


There is no way to manually edit the table, it has to be by sql or by query.  I think thats a great idea, i dont know how long they have been using it but im sure the idea has been around for a while as i dont pretend to know it all. 


I was curious if oxwall was headed in this direction, honestly i have not seen such a table with oxwall, but then again i have not seen all the tables either. 


:)


#1
dave Leader
dave Jul 12 '14
Basically you dont need a key or an index to use a table.  So php query and phpMyAdmin using sql work just fine, it takes away the ability for someone to change your db info directly in the table without doing either a query or sql.  So you cant edit rows, you cant delete rows, you cant edit or delete or modify anything in the table without an official system query or sql, either by php/mysql or phpMyadmin sql..    Thats how it works. 


ps  i dont think the keys or index are hidden, they are just not there. 

#2
Pete
Pete Jul 12 '14
I was looking at your first post ,I cant see how your DB can work with empty tables ,I reckon the content is hidden
#3
dave Leader
dave Jul 12 '14
no no no there pete lol..  the content is not hidden, you can see the content just fine, but you cant change, edit, delete anything without a system query either via file php/mysql or phpMyAdmin sql.  


When you look at the table in phpMyAdmin there is a system message on the top that says something like "this table has no primary key or index, edit delete options have been disabled and are not available"   

#4
dave Leader
dave Jul 12 '14
see pete doing it that way, your queries have to be very precise and exact to work. You cant just say WHERE id = 1  because in some of these tables like this there is no ID to speak of. You have to be very deliberate and exact with your query, which helps to protect against sql injection as well. 
The Forum post is edited by dave Jul 12 '14
#5
Pete
Pete Jul 12 '14
Sorry Dave I have been up all night and my brain is asleep I think , I have made the same mistake when posting on about 3 diff posts ,I think its time I got some sleep.
#6
dave Leader
dave Jul 12 '14
yes sir, get some rest... nighty nightzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.. :)
#7
Pete
Pete Jul 12 '14
lol  
#8
ross Team
ross Jul 15 '14
Dave, what do you imply by securing tables? just an option not to be deleted/edited manually? As to the Oxwall software, indexes are need for searching data, otherwise search would take a long, loooooooong time :)
#9
dave Leader
dave Jul 15 '14

ross, dont misinterpret or read too much into that, i was not saying that oxwall was not secure, i was just giving an example of a technique that was used is all.  No implication at all :)


As for the searches that is fine, even the software that does this kind of thing still uses the traditional method on tables that need it, it is not set up for all tables to be this way.  Maybe just like a config table or something of that sort.

#10
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software