Posted by kees hessels on 03/21/06 20:42
Thanks AHO, I changed my app, and it works like it should again.
"J.O. Aho" <user@example.net> wrote in message
news:48aqekFjba7pU1@individual.net...
> kees hessels wrote:
>> My application is designed so that each user has his own database.
>> Is there a chance that one user may be connecting to somebody else's
>> database?
>
> As long as you define which database the user is supposed to connect to in
> your scripts, there is no risk that they will get connected to the
> wrong one;
> see to it that the sql-user data is right.
>
> /* really simplified example */
>
> switch($webuser) {
>     case "john":
>         $username = "mysql_john";
>         $password = "johnspassowrd";
>         $databasename = "johns_db";
>         break;
>     case "mary":
>         $username = "mysql_mary";
>         $password = "maryspassowrd";
>         $databasename = "marys_db";
>         break;
>     default:
>         exit;
>         break;
> }
>
> $resource=mysql_connect("localhost",$username,$password);
> mysql_select_db($databasename,$resource);
>
>
> Just use a function that checks who the logged in person is (from your
> session data) and then use the right $username, $password and
> $databasename.
> In the simplified example, only the one who is logged in as mary in the
> web application will access the database assigned to mary, and mary can't
> access data in john's database (this is really restricted by the GRANT, which
> defines who has access to what database/tables,
> http://dev.mysql.com/doc/refman/5.0/en/grant.html ).
>
> Of course you can do more advanced ways to connect each user to the right
> database without the need for a switch-case; everything depends on how you
> name the databases and how you set database users/passwords (you could have
> one and the same user/password for all the users' databases, but that has
> the downside that it would be possible to access others' data with
> user-defined SQL statements, but your application may not allow this).
>
>
> //Aho
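
An added example (not part of the original thread) of the lookup-without-switch approach mentioned in the reply, using PDO rather than the old `mysql_*` functions. The `TENANTS` map, the function names and the passwords are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Constructed placeholder map: web login => dedicated MySQL account + database.
// The server-side GRANT for each account should cover only its own database.
const TENANTS = [
    'john' => ['user' => 'mysql_john', 'pass' => 'REPLACE_ME_JOHN', 'db' => 'johns_db'],
    'mary' => ['user' => 'mysql_mary', 'pass' => 'REPLACE_ME_MARY', 'db' => 'marys_db'],
];

// Resolve credentials from the server-side session only, never from request input.
function tenantFor(array $session): array
{
    $webuser = $session['webuser'] ?? null;
    if (!is_string($webuser) || !array_key_exists($webuser, TENANTS)) {
        // Fail closed, like the "default: exit" branch in the post.
        throw new RuntimeException('No database assigned to this session');
    }
    return TENANTS[$webuser];
}

function connectTenant(array $session): PDO
{
    $t = tenantFor($session);
    $pdo = new PDO(
        'mysql:host=localhost;dbname=' . $t['db'] . ';charset=utf8mb4',
        $t['user'],
        $t['pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    // Confirm the server selected the database this tenant is mapped to.
    $current = $pdo->query('SELECT DATABASE()')->fetchColumn();
    if ($current !== $t['db']) {
        throw new RuntimeException('Connected to unexpected database');
    }
    return $pdo;
}

// Offline demonstration of the lookup only (no MySQL server needed).
foreach (['mary', 'eve', null] as $candidate) {
    try {
        echo tenantFor(['webuser' => $candidate])['db'], "\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', var_export($candidate, true), "\n";
    }
}
```

Because the database name is taken from the fixed map and never built from the login name, an unknown or malformed session value cannot select another user's database.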