Hi Steve,

I understood that usually the data required to connect to a db is stored in an outsourced php file. For mysql clients you can define username/password etc. in the my.cnf configuration file, but I am not sure if a PHP client would access this file.

Best regards

Nils Valentin
Tokyo/Japan

On Wednesday, 13 August 2003 06:00, Lefevre, Steven wrote:
> I'm working on a website/database deal, and right now I'm designing the
> security model.
>
> It's using LAMP(HP), so all the tricks are going to be through PHP.
>
> First off, this will be behind a firewall with SSL encryption. We may also
> set up some kind of VPN tunneling. I'll be ignoring other security details
> that don't apply to the problem at hand, but please feel free to suggest.
>
> I'm going to have users enter a username and password, with PHP emulating
> the htaccess dialogue boxes. I would like to check the entered values in a
> permissions table. This table looks like:
>
> username | passwordhash | ipaddress | permission
>
> All users will have a static IP, so they have to match the
> username-password-ipaddress combination. I'm storing the passwords as an
> MD5 hash in case someone breaks in and reads the table.
>
> So what MySQL user does PHP log on to the database as, in order to read
> the permissions table? (After that, we just go with the logged user's
> permission). If I make a special user that just has permission to read the
> permission table, do I have to store that user's password plaintext in a
> php script somewhere, thus adding a security risk if someone were to get a
> hold of that password?
>
> Steve

--
---
Valentin Nils
Internet Technology

E-Mail: [EMAIL PROTECTED]
URL: http://www.knowd.co.jp
Personal URL: http://www.knowd.co.jp/staff/nils

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
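
The username/password/IP check from Steve's question, run through a database handle of the kind Nils's separate credentials file would supply, as an added example that is not part of the original thread. It assumes the passwordhash column holds password_hash() output rather than a bare MD5, and uses an in-memory SQLite table with constructed rows in place of the MySQL permissions table; the file path named in the comment is hypothetical.

```php
<?php
// Added example. In production $db would be a PDO connection to MySQL opened
// with an account that has SELECT on the permissions table only, its
// credentials require'd from a file kept outside the document root
// (hypothetical path: /etc/myapp/db.php, readable only by the web server user).
// Here an in-memory SQLite table with constructed rows stands in for it.

function check_login(PDO $db, string $user, string $pass, string $ip): ?string
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT passwordhash, permission FROM permissions
          WHERE username = ? AND ipaddress = ?'
    );
    $stmt->execute([$user, $ip]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when no row matches, so response time does
    // not reveal whether the username/IP pair exists.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $row ? $row['passwordhash'] : $dummy;

    return (password_verify($pass, $hash) && $row) ? $row['permission'] : null;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE permissions (
    username TEXT, passwordhash TEXT, ipaddress TEXT, permission TEXT,
    PRIMARY KEY (username, ipaddress))');
$ins = $db->prepare('INSERT INTO permissions VALUES (?, ?, ?, ?)');
$ins->execute(['alice', password_hash('s3cret-example', PASSWORD_DEFAULT),
               '192.0.2.10', 'read']);

// In a web request the third argument would be $_SERVER['REMOTE_ADDR'].
var_dump(check_login($db, 'alice', 's3cret-example', '192.0.2.10')); // all three match
var_dump(check_login($db, 'alice', 's3cret-example', '192.0.2.99')); // wrong IP
var_dump(check_login($db, 'alice', 'wrong-password', '192.0.2.10')); // wrong password
```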