I run a PHP symfony-framework web app for my company and it uses a single database login for all connections, whether the user is an admin or a client.
I know that higher security systems often use different logins for different levels of users.
Whether or not a use a framework, is this a security feature I should make use of?
Does it matter if the application is web-based or if it's intranet based?
To clarify:
Should I concern myself with creating a plugin for symfony to implement multiple db logins and should I do this for any other apps I create that are not based on a framework?
In case you're wondering, I'm using PHP5 and MySQL.
Best Answer
You typically have to weight the cost of doing so vs. the benefits ... but benefit in risk management is difficult to quantify.
Basically, it comes down to what the cost of an exploit would be, and what the likihood of it happening are.
So, having to restore from backup because someone managed to drop a table which creates a denial of service, and being down for a day has a cost to the company in terms of what profit they'd have made in that given time, but there's also an issue of reputation loss (ie, customers/users who stop doing business with you, or potential users who are less likely to do busines in the future) ... but we have to balance this by the likehood of someone successfully attacking the site and causing this.
If you're not storing credit cards, and you're not a big target (the type of site people would brag about taking out), you're less likely to be hacked ... although, if you're running commonly distributed software, you still risk attacks by script kiddies who are just looking for people running software with a known exploit.
...
What our security folks don't seem to understand is that it's a balancing act -- some changes for security will create a burden on your users. And sometimes, the security itself will cause outages (eg, one of our external partners moves IP ranges ... but the new holes in the firewall weren't made, and due to a "network hold" we can't get any changes made for over a week) or just performance degredation.
Sometimes it's just that it takes longer to code, or more headaches to maintain, etc.
But it's something you have to answer for yourself -- is the cost worth the benefit of having made the change? (and sometimes, if the cost is just in man-power, was there an opportunity cost; ie, could you have been doing something else that would derive even more benefit with your time?)