Hi Mike,

You queried:


> Just a quick question, if I am going to make a database using MYSQL and have
> front end applications, is it better to give each user a username/pass and
> have them enter it into the front end to be passed to the server, or should
> I give the app a password, hardcode it into the app for database
> connections, and have a user/pass table which the app uses to authenticate
> users? I would like the users to not be able to connect directly to the
> server, as different, competing clients' data is stored on the same table,
> and the app has to make sure they cannot see each other's data.
>
> Mike

I would guess you would want to keep the MySQL passwords for internal use --
maintaining the security of the system, and implement an external password
scheme for your users. That would give you more flexibility with the
end-users. Particularly, during development and pre-alpha demos for
feedback, you can use something really simple, leaving time to get the
database right. Then you can make the security as tight as necessary after
you have a good idea of what the users' needs are.

If the number of users is "small", you might want to parallel the user's
passwords with internal database passwords that the end user should never
see. You would have to weigh the increase in complexity and chances for
holes against the expected gain, of course. And possibly increased time for
development.

Another thought, I noticed while perusing the manual (section 4.1.4)
yesterday that (at least under *NIX) MySQL can run multiple instances of
itself. So you could have a "virtual" server for each registered end-user or
something like that, with a master server to hold all the tables everybody
needs to see. Or perhaps a server for each party. Again, you would have a
lot of trade-offs to consider.

Joel Rees
Alps Giken Kansai Systems Development
Suita, Osaka
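
Added example, not part of the original message: a sketch of the application-level scheme discussed above, with a user/pass table holding salted password hashes and every query scoped to the authenticated user's client. It uses Python's sqlite3 as a stand-in for MySQL; the table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256: store only the salt and derived key, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def setup():
    # In-memory database standing in for the shared MySQL server.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE app_users (username TEXT PRIMARY KEY, client_id INTEGER NOT NULL,
                                salt BLOB NOT NULL, pw_hash BLOB NOT NULL);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, client_id INTEGER NOT NULL,
                             item TEXT NOT NULL);
    """)
    # Constructed sample users belonging to two competing clients.
    for name, client, pw in [("alice", 1, "alice-pw"), ("bob", 2, "bob-pw")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO app_users VALUES (?, ?, ?, ?)",
                   (name, client, salt, hash_password(pw, salt)))
    db.executemany("INSERT INTO orders (client_id, item) VALUES (?, ?)",
                   [(1, "widgets"), (1, "gears"), (2, "sprockets")])
    return db

def authenticate(db, username, password):
    """Return the user's client_id, or None if the credentials are wrong."""
    row = db.execute("SELECT client_id, salt, pw_hash FROM app_users "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    client_id, salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    if hmac.compare_digest(stored, hash_password(password, salt)):
        return client_id
    return None

def list_orders(db, client_id):
    # client_id comes from authenticate(), never from user-supplied input,
    # so one client cannot read another client's rows in the shared table.
    rows = db.execute("SELECT item FROM orders WHERE client_id = ? ORDER BY id",
                      (client_id,))
    return [r[0] for r in rows]
```

The isolation holds only if this code runs where the end user cannot read the database credential or alter the queries.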



