|
Posted by J.O. Aho on 03/21/06 19:11
kees hessels wrote:
> My application is designed so that each user has his own database.
> Is there a change that one user may be connecting to somebody elses
> database?
As long as you define which database the user is supposed to connect in your
scripts, then there is no risk that they will get connected to the wrong one,
see to that the sql-user data is right
/* really simplified example */
switch($webuser) {
case "john":
$username = "mysql_john";
$password = "johnspassowrd";
$databasename = "johns_db";
break;
case "mary":
$username = "mysql_mary";
$password = "maryspassowrd";
$databasename = "marys_db";
break;
default:
exit;
break;
}
$resource=mysql_connect("localhost",$username,$password);
mysql_select_db($databasename,$resource);
Just use a function that checks who the logged in person is (from your session
data) and then use the right $username, $password and $databasename.
In the simplified example, only the one who us logged in as mary in the web
application will access the database assigned to mary and mary can't access
data in johns database (this is really restricted by the GRANT who has access
to what database/tables, http://dev.mysql.com/doc/refman/5.0/en/grant.html ).
Of course you can do more advanced ways to connect each user to the right
database without a need of a switch-case, everything depends on how you name
the databases, how you set database users/passwords (you could have one and
the same user/password for all the users databases, but that leads to the
downside that it would be possible to access others data with user defined SQL
statements, but your application may not allow this).
//Aho
[Back to original message]
|