February 1st, 2000, 11:11 AM
Hi to everybody in this forum!
Im searching for some genral tips on handling authentification for a mySql-DB
I´ve got to build a web-DB interface which should offer access to the DB depending on which user logs in (using username +
I´ve used the auth header stuff for my own page and that works just fine. Question is:
Using the $PHP_AUTH_USER and $PHP_AUTH_PW
for the DB connections(as DB User & pass)means that mySql must have a user with the given values. If a new user should be added flush privileges must be started to update the user DB and this requires root access (something I don´t want to grant the client for security reasons).
Does somebody know a better way?
I thought aboout using a standard mySql-User and looking the $PHP_AUTH_USER & $PHP_AUTH_PW vars up in a seperate DB. Advantage would be that my client would be able to add new users, disadvantage would be that all users had the same priviliges.
I´m not sure which is the best way so _please_ give me some advise...
February 4th, 2000, 12:02 PM
Why not just group users. Make a MySQL user for every usergroup. Then just assign a "real" user til a MySQL user. That way you can have a group of admins and a group of read-only users etc.