Security is built in shells (much like onions).

Application layer - This is where your user interacts with your code. In your case, I believe that you have a web server running code you wrote in PHP responding to user requests. Your web server uses a user account to interact with the operating system. Your user must authenticate with the web server (even if they authenticate as "anonymous") in order for the server to know what pages that visitor has rights to see. Some web servers check user credentials against a list of users they maintain; others allow your users to use a system login (if they have one). Your application can also maintain a set of login credentials for the users of your site. You can choose to inherit the username from the web server, the operating system, or from an authentication process written specifically for your application. This is the step where your application verifies that the current user is authorized to use your application.

Your application itself has several options for how it is recognized by the operating system. Since your application is "hosted" by your web server, it (the server) has the option of either starting your application as a child process of itself (meaning that your application has the same user rights as your web server) or as a stand-alone process (your application needs its own operating system account complete with its own set of permissions).

Data Access layer - This is where the database server handles requests for data and connections. Connections can come from just about anywhere: web servers, PHP applications, other external programs (like the MySQL client, or another MySQL server), etc. Before a client (a client is anything that needs a connection) is permitted to connect to the database server, that client must first prove to the server that it is permitted to make a connection. It does this by validating a username and password with the server. Once the connection is established, all rights, privileges, and restrictions are now in effect for the account that was used to establish the connection.

Operating system layer - Any program that needs CPU time, access to files, or access to memory must authenticate itself to the operating system before it can run. The operating system has the last word when it comes to permissions. If an application's "user" account does not have the correct privileges to do what it wants to do (like read a file from a certain directory), the operating system says "no" and errors abound.

So, when you mention "user authentication" it makes me wonder...

1 - Are you trying to let the user see your web pages? (Web server settings and maybe OS permissions, too.)
2 - Are you trying to let your application know who a visitor is? (Comes from either web server information or application information or both.)
3 - Are you trying to make a PHP connection to a database server? (MySQL user setting + PHP connection code. This is almost always different from your OS user information.)

I think what you are running into is the 3rd issue because you seem to think that PHP may be logging into the database (creating a database connection) with your OS credentials. While I believe it is possible to script that, I don't think that is the default behavior. You should probably review the PHP function that you are using to create your connection to MySQL (mysql_connect()) and review the parameters it takes. You may need to create a new MySQL account, modify an existing MySQL account, GRANT privileges to an account to the tables it needs access to, and/or use the correct MySQL account in the mysql_connect() function.

DISCLAIMER - Different web servers operate differently and expose different security APIs, so your mileage may vary.

Shawn Green
Database Administrator
Unimin Corporation - Spruce Pine

Brandon Carter <[EMAIL PROTECTED]> wrote on 10/06/2004 01:02:02 PM:

> I have never set up a web site running a mysql server,
> so I am a little fuzzy on details concerning user
> authentication. Let's say I am creating a page where
> the user will enter his/her information. I write a
> PHP script to update the mysql table when they click
> 'submit'. Do I have to grant privileges to anyone but
> myself on that table? The script is running from my
> directory, so it's really me who is updating the
> table, and it's my authentication information that the
> mysql server gets, right?
>
> Sorry if that's a totally naïve question. Gotta start
> somewhere.
>
> --Brandon
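
The MySQL account setup the reply describes, written out as an added example that is not part of the original thread: a dedicated account for the form script with grants on one table, shown beside the overly broad grant it replaces. The database `site`, table `visitor_info`, account `webform` and the password placeholder are all hypothetical.

```sql
-- Added example. All names are hypothetical; run as a MySQL administrative account.
CREATE DATABASE IF NOT EXISTS site;
CREATE TABLE IF NOT EXISTS site.visitor_info (
    id    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name  VARCHAR(100) NOT NULL,
    email VARCHAR(255) NOT NULL
);

-- Too broad (left commented out): with this, anything that obtains the
-- script's password can read, alter or drop every database on the server.
-- GRANT ALL PRIVILEGES ON *.* TO 'webform'@'localhost';

-- A separate MySQL account for the PHP script. It is unrelated to the OS
-- account that owns the script's directory, and 'localhost' limits it to
-- connections made from the same host as the database server.
-- (Servers that predate CREATE USER created accounts with
--  GRANT ... IDENTIFIED BY instead.)
CREATE USER 'webform'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Only what the submit handler does: add a row, or change an existing one.
GRANT INSERT, UPDATE ON site.visitor_info TO 'webform'@'localhost';

-- An UPDATE ... WHERE id = ? reads the id column, which needs SELECT on
-- that column; a column-level grant avoids exposing name and email.
GRANT SELECT (id) ON site.visitor_info TO 'webform'@'localhost';

-- Review exactly what the account the script connects with is allowed to do.
SHOW GRANTS FOR 'webform'@'localhost';

-- Audit: anonymous accounts and accounts holding server-wide privileges
-- that a web form's account should never need.
SELECT user, host
FROM mysql.user
WHERE user = ''
   OR Grant_priv = 'Y'
   OR Drop_priv  = 'Y'
   OR File_priv  = 'Y';
```

The script then passes `webform` and its password to the connection call, so the privileges in effect are those granted here rather than anything tied to the OS user.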
