Hi! (for filter: Mysql queries query longint)
Oh no, the people who log in cannot modify scripts. That would be suicide. . . They log via something I made that maintains an md5 hash (quite a long one) which is their "log-in flag" maintained via a cookie while they are logged in. It also requires the user's personal password (which has nothing to do with the database). Then they can access the database via scripts (as long as they are logged in). This looks like if (user_isloggedin()) { include($DOCUMENT_ROOT.'/include/SomeScriptNameHere.php'); //this include has database id and password . . . a bunch of code here (current script) } else {//some error message advising user to log in} So the database id and password are buried in an "include" script. The scripts just do some inserting and updating on tables that "belong" to the person in question, so they can (in the case of the learning/testing application for instance) enter test questions and post tests that their students can access. I'm hoping that people can't get access to the id and password but I have always assumed that someone with ability may be able to extract the script itself and examine it. However, since they can't log in to the server (but only to my "log in" facility, which allows them access to a folder containing a script which they cannot modify) they are not "localhost" users or visitors. The scripts they can access reside on localhost, but nobody can touch the scripts. . . Thanks again! I'm feeling somewhat better! Cheers! -warren --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php