Kenneth Downs wrote:
[EMAIL PROTECTED] wrote:
Why do you need to store the password?
<snip>
Database access. Each trip to the server requires that you make a
connection to the server.
In the PHP+MySQL world it is taken as an article of faith that you
connect to the database as a super-user or admin, and your application
code handles security. But not everybody thinks this way.
Thanks. That was the only reason I could think of(not MySQL actually,
but any external system you need the php script to authenticate too and
want to manage security in that external system at a user level).
Though I would argue that is standard to use a single userid/password
for all connections, not that it is the admin or super user.
I would be tempted towards using some sort of token generated
authentication scheme instead, so instead of saving a userid and
password in the session you save a token. But I'm not quite sure to
what levels MySQL has advanced DB wise, and not every third party app
will support an alternate authentication mechanism. And in the end, if
it works, why bother?
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
