|
|
Posted by Andy Jeffries on 05/18/06 16:37
On Thu, 18 May 2006 12:48:38 +0000, Mary Pegg wrote:
>> to have a table set up with valid user (ID, username, password) but also
>> has to set up a MySQL user account for each one to connect with.
>>
>> Perfectly valid, but a royal pain in the ass and probably not as
>> intended...
>
> Nope, but OTOH if you use the supplied username / password to make the
> database connection, no further authentication is required and they are
> pretty much guaranteed not to be able to get any further...
True, but it's also then a pain in the ass to retrieve other attributes
relating to the logged in user (real name, DOB, email address).
Also if your database is open to the world on port 3306 (it shouldn't be,
but you never know - someone may feel they have a justifiable reason) then
you're gifting them access to be able to examine the table/database
structure.
Cheers,
Andy
--
Andy Jeffries MBCS CITP ZCE | gPHPEdit Lead Developer
http://www.gphpedit.org | PHP editor for Gnome 2
http://www.andyjeffries.co.uk | Personal site and photos
[Back to original message]
|