I'm working on a website/database deal, and right now I'm designing the security model.
It's using LAMP(HP), so all the tricks are going to be through PHP. First off, this will be behind a firewall with SSL encryption. We may also setup some kind of VPN tunneling.I'll be ignoring other security details that don't apply to the problem at hand, but please feel free to suggest. I'm going to have users enter a username and password, with PHP emulating the htaccess dialogue boxes. I would like to check the entered values in a permissions table. This table looks like: username | passwordhash | ipaddress | permission All users will have a static IP, so they have to match the username-password-ipaddress combination. I'm storing the passwords as an MD5 hash in case someone breaks in and reads the table. So what MySQL user does PHP log onto as the database as, in order to read the permissions table? (After that, we just go with the logged user's permission). If I make a special user that just has permission to read the permission table, do I have to store that user's password plaintext in a php script somewhere, thus adding a security risk if someone were to get a hold of that password? Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
