I have a django application which talks to a database to which several other applications of mine talk to. When the application starts it reads different tables in different databases and uses it to determine which connection to use for which table.
Is it a good practice or bad practice to allow an application to read all table names in
such a manner?
following is the excerpt from my routers.py :
db1_tables = connections['db1'].introspection.table_names()
default_db_tables = connections['default'].introspection.table_names()
db3_tables = connections['db3'].introspection.table_names()
class MyAppRouter(object):
def db_for_read(self, model, **hints):
if model._meta.db_table in db1_tables :
return 'db1'
if model._meta.db_table in default_db_tables:
return 'default'
if model._meta.db_table in db3_tables:
return 'db3'
return 'default'
def db_for_write(self, model, **hints):
return self.db_for_read(model,**hints)
def allow_syncdb(self, db, model):
return False
Can anyone highlight the pros and cons for this approach? One advantage I see with this approach is that I do not have to maintain a list of table names in each database that I am using. One possible disadvantage is that I am reading even the names of those tables which my application does not have access to.
I don’t see a problem with this approach if the other tables don’t contain sensitive information. I.e., I would generalize the situation like so: If you have an app that connects to a database but doesn’t use all the tables of that database, and the knowledge that those tables exist is itself a security issue — then those tables shouldn’t be in that database.