> My assumption:
> mysql> GRANT SELECT, INSERT, UPDATE ON client_db.*
> TO db_user@localhost IDENTIFIED BY 'password';
>
> Now this is where I get a bit confused. It's not clear to me where the
> client is connecting from. I assume they are connecting from localhost
> because everything is all on the same server. But:
The PHP script will usually connect from/to localhost, yes.
> ---are they, in actuality, connecting from their own virtual host, "
> [EMAIL PROTECTED] "?
I shouldn't think so. But why don't you let them try it
out? The error message returned will usually something along
the lines of "Access denied for [EMAIL PROTECTED] (using
password: YES)" - that will tell you, how MySQL thinks the
user is conecting.
> ---they are connecting from a remote machine, so are they, then,
> connecting
> from some other host?
Err... methinks, that's rather obvious: Yes.
> ---if they are connecting from a remote machine with a dial-up connection,
> then it is undoubtedly a dynamic IP address, so there would be no
> consistent
> "host" to connect from.
No, and while you cannot lock this problem down completely,
you can at least limit the size of the opening between the
gateposts: MySQL allows you to specify only parts of an IP
mask as the host (something like "db_user"@"192.168.%.%" --
I forget the exact syntax; it's in the manual). Once you know the
possible range of IPs their ISP provides, you can limit the
database access to these.
/ Carsten
--
Carsten H. Pedersen
keeper and maintainer of the bitbybit.dk MySQL FAQ
http://www.bitbybit.dk/mysqlfaq
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
