I'm trying to create a secure remote API for working with a database. Without having to create my own server daemon, I figured the best way would be using stored procedures.

My only problem is permissions. I want these procedures to be able to do things like make new users with passwords. I'm able to grant permission, but INDENTIFIED BY always wants a TEXT_STRING to come after it, so variables aren't allowed.