Right. > The user has a login for the php frontend. The frontend would simply use the info from the user table. Username / old password / new password supplied via webform for example, php connect to mysql, and looks for a matching record in the user table for username / old password, compares, voila!
... Miles Mawyer -=- Webmaster . Centralva.net ... ... [EMAIL PROTECTED] ... ... 434.385.5053 ... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maqbool Hashim Sent: Wednesday, April 13, 2005 9:47 AM To: freeradius-users@lists.freeradius.org Subject: Re: deployment question That makes sense. So effectively the php program has a login for the database. The user has a login for the php frontend. What the user sees depends on the credentials he supplies to the php frontend. Therefore the security rests with the php frontend. Right? Miles Mawyer wrote: >See previous answer :P >A php or perl frontend to pull JUST that users record. Have them >authenticate FIRST via the current password, then update the record that >contains that username. Make sense? I don't see a need for them to view >the whole table if you use a method such as this. > > > >... Miles Mawyer -=- Webmaster . Centralva.net ... > >... [EMAIL PROTECTED] ... > >... 434.385.5053 ... > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of >Maqbool Hashim >Sent: Wednesday, April 13, 2005 9:22 AM >To: freeradius-users@lists.freeradius.org >Subject: Re: deployment question > >sorry I'm not being clear here. When I meant was, if all users are >contained in the same table, how can I allow a user to change just the >row which corresponds to their username without revealing the rest of >the table? > > >Miles Mawyer wrote: > > > >>>Isn't it going to be difficult to give a single user access to change >>>their password while hiding other users passwords? >>> >>> >>> >>> >>Well, I suppose that depends on what you mean by "give them access". >>Are you you talking direct access via mysql command line or phpmyadmin? >>I don't know your specifics BUT, it sounds to me like a job for a php >>front end of some sort. That would certainly make that a moot point. >> >> >> >>... Miles Mawyer -=- Webmaster . Centralva.net ... >> >>... [EMAIL PROTECTED] ... >> >>... 434.385.5053 ... >> >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of >>Maqbool Hashim >>Sent: Wednesday, April 13, 2005 9:09 AM >>To: freeradius-users@lists.freeradius.org >>Subject: Re: deployment question >> >>Thanks, I'm just thinking that mysql is a big and complex program which >> >> > > > >>offers a lot of features. Our requirements are quite specific. I'm >> >> >not > > >>saying I'm ruling out using mysql, just would like to hear whether >> >> >there > > >>are any alternatives. Also, I notice that the mysql schema has a a >>users table. Isn't it going to be difficult to give a single user >>access to change their password while hiding other users passwords? >> >>Miles Mawyer wrote: >> >> >> >> >> >>>>However my concern is that MYSQL is a little bloated and would prefer >>>> >>>> >>>> >>>> >>>> >>>> >>>to >>>Bloated? How so? >>> >>>How many users are we talking about here? Sounds like a decent task >>> >>> >for > > >>>MySQL to me :) If you are worried about database size etc. I'd do a >>>shell script or something to throw in X number of dummy users and see >>>what you end up with. >>> >>>... Miles Mawyer -=- Webmaster . Centralva.net ... >>> >>>... [EMAIL PROTECTED] ... >>> >>>... 434.385.5053 ... >>> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of >>>Maqbool Hashim >>>Sent: Wednesday, April 13, 2005 8:57 AM >>>To: freeradius-users@lists.freeradius.org >>>Subject: deployment question >>> >>>Hi there, >>> >>>After some trouble I have managed to get freeradius to compile on >>>openbsd! Now I have a question about the backend database to use with >>> >>> > > > >>>freeradius. Requirements: >>> >>>1) Users can access the database and change their own password. >>> >>>2) Users cannot see or change any other users passwords. >>> >>>3) The database we use is as small and cut down as possible while >>>including the above two features. >>> >>> >>>I have thought about using MYSQL and table priveleges to acheive this. >>> >>>However my concern is that MYSQL is a little bloated and would prefer >>> >>> >>> >>> >>to >> >> >> >> >>>acheive the above using the most cut down db I can. By the way this >>>configuration has only one realm. >>> >>>Thanks in advance. >>> >>>- >>>List info/subscribe/unsubscribe? See >>>http://www.freeradius.org/list/users.html >>> >>>- >>>List info/subscribe/unsubscribe? See >>> >>> >>> >>> >>http://www.freeradius.org/list/users.html >> >> >> >> >>> >>> >>> >>> >>- >>List info/subscribe/unsubscribe? See >>http://www.freeradius.org/list/users.html >> >>- >>List info/subscribe/unsubscribe? See >> >> >http://www.freeradius.org/list/users.html > > >> >> >> >> > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
