I'm working on a website/database deal, and right now I'm designing the
security model.
It's using LAMP(HP), so all the tricks are going to be through PHP.
First off, this will be behind a firewall with SSL encryption. We may also
setup some kind of VPN tunneling.I'll be ignoring other security details
that don't apply to the problem at hand, but please feel free to suggest.
I'm going to have users enter a username and password, with PHP emulating
the htaccess dialogue boxes. I would like to check the entered values in a
permissions table. This table looks like:
username | passwordhash | ipaddress | permission
All users will have a static IP, so they have to match the
username-password-ipaddress combination. I'm storing the passwords as an MD5
hash in case someone breaks in and reads the table.
So what MySQL user does PHP log onto as the database as, in order to read
the permissions table? (After that, we just go with the logged user's
permission). If I make a special user that just has permission to read the
permission table, do I have to store that user's password plaintext in a php
script somewhere, thus adding a security risk if someone were to get a hold
of that password?
Steve
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/my***********...ie.nctu.edu.tw