Hi!

(for filter: Mysql queries query longint)

Oh no, the people who log in cannot modify scripts.  That would be suicide. . .
They log in via something I made that maintains an md5 hash (quite a long
one) which is their "log-in flag" maintained via a cookie while they are
logged in.  It also requires the user's personal password (which has nothing
to do with the database).  Then they can access the database via scripts (as
long as they are logged in).  This looks like


if (user_isloggedin()) {
    // this include has database id and password
    include($DOCUMENT_ROOT.'/include/SomeScriptNameHere.php');
    // . . .  a bunch of code here (current script)
} else {
    // some error message advising user to log in
}

So the database id and password are buried in an "include" script.  The
scripts just do some inserting and updating on tables that "belong" to the
person in question, so they can (in the case of the learning/testing
application for instance) enter test questions and post tests that their
students can access.

I'm hoping that people can't get access to the id and password but I have
always assumed that someone with ability may be able to extract the script
itself and examine it.  However, since they can't log in to the server (but
only to my "log in" facility, which allows them access to a folder
containing a script which they cannot modify) they are not "localhost" users
or visitors.  The scripts they can access reside on localhost, but nobody
can touch the scripts. . .

Thanks again!  I'm feeling somewhat better!

Cheers!

-warren
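
An added example, not part of the original post: one way to guard the file that holds the database id and password, so that it is only loaded from a location the web server cannot serve. The helper load_db_credentials(), the INI keys (host, user, pass, name) and all paths and values are hypothetical and constructed for the demo.

```php
<?php
// Added example (hypothetical helper, not the poster's code).
// Loads DB credentials only from a file outside the document root
// that is not world-readable.
function load_db_credentials(string $file, string $docRoot): array
{
    $real = realpath($file);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('credentials file or document root not found');
    }
    // Refuse anything under the document root: if PHP handling is ever
    // misconfigured, files there can be returned to a browser as plain text.
    if (strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('credentials file is inside the document root');
    }
    // Refuse files readable by "other" (POSIX permission bits).
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('credentials file is world-readable');
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false) {
        throw new RuntimeException('credentials file is not valid INI');
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing key: $key");
        }
    }
    return $cfg;
}

// Constructed demo: a fake document root with a private directory beside it.
$base = sys_get_temp_dir() . '/creds_demo_' . getmypid();
mkdir("$base/htdocs/include", 0700, true);
mkdir("$base/private", 0700, true);
$ini = "host = localhost\nuser = app_rw\npass = \"constructed-secret\"\nname = testing\n";
foreach (["$base/htdocs/include/db.ini", "$base/private/db.ini"] as $path) {
    file_put_contents($path, $ini);
    chmod($path, 0600);
    try {
        $c = load_db_credentials($path, "$base/htdocs");
        echo "loaded credentials for {$c['user']} from $path\n";
    } catch (RuntimeException $e) {
        echo "refused $path: {$e->getMessage()}\n";
    }
}
```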


