We are developing a PHP/ MySQL application and are attempting to avoid the privilege escalation problem. Here's a solution I am thinking about.
Our session values are stored in a database, so that multiple applications can access it. I was thinking about creating a new field in the session table which stores the user privilege value.
Now what I am wondering is if there is some way in MySQL whereby I can restrict the value of the table field to be entered only once till it is deleted. To further explain it, I want to be able to enter a value in the session.user_privilege field when a session starts. No modifications can be made to this field until it is deleted.
One way, I am currently thinking of is by creating a new user who is the only one that has write access to the field. Then as long as I modify the field from a place that I know a regular user on my site cannot access, I should be safe.
I am afraid this method is going to cost me in terms of time though.
Any comments/ suggestions are welcome.
Rishi
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
