This is actually a bit of a general-database question, since I'm sure it has the same or similar repercussions regardless of which RDBMS you use, but I'm curious: is it possible to "safely" allow users to maintain their own passwords to a database? [and if so, how?]
I'm sure I can do this "programmatically" by having my program connect to the database using the "root" user/password, but that means embedding the password in the program [i.e., viewable with "string..."] so once a user deciphers that, they are free to run "mysql -u root" from anywhere the "application" could run. maybe I'm thinking in a deranged way, but it seems that granting "update" access WITHOUT granting "select" access to the user table in mysql [and perhaps even limited to the password column] would enable a user to change their password without being able to read anyone else's (encrypted) password value; HOWEVER that would also allow them to CHANGE anyone ELSE'S password [even "root"] -- is it possible to limit access at the ROW level? (i.e., user "x" can only select/update records with "user='x'") The reason I'm doing this is that I'm designing an application that logs on with a "fixed" username and uses it's own "user/password" table to validate end-users. The program notes if a password in the database is blank -- if so, it compares the user-supplied password with a (eventually well-known) "first-time" password and forces the user to set a new password, so obviously the "fixed" user ID needs the ability to udpate the application's password table, which has the same problems as the "system" level table, but limits the "damage" that can be caused to just the application and not "all of mysql"... (i.e., crackers could determine the "fixed" user's password by scanning the executable, but that won't let them harm anything other than the application itself...) Ultimately, I'd like to use mysql's user/password (grant) facillities directly, but since the application would be distributed to offices nationwide [all "phoning home" to the central database via the internet], I don't want to burden the one system manager/DBA with the responsibility of maintaining every single clerk and technician that can use the system -- I'm willing to let the office manager at each location enter and maintain employees local to that office [which makes sense because that person also does the hiring/firing...] but for obvious reasons, the "managers" cannot manipulate values for other offices [though, I suppose, I have to trust SOME of them... ;) ] If I could guarantee that the "only" access to the database was via my program, then I'm certain I could create logic to maintain passwords safely; however this is not the case -- not only is "mysql" available as a simple client, but anyone with a smattering of knowledge of "Access" and the myodbc connector could create their own "manipulation" program and circumvent any safety protocols I establish. --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
