  1. #1

    MySQL user permissions

    Hi there,

    I'm developing a blog style website that will allow users to create accounts and I have some concerns about the site's security. I'm somewhat of a MySQL novice and I'm struggling to find the info I need anywhere else, so if anyone can give me a few tips it would be much appreciated.

    1. Should I store the table that contains usernames/passwords in the same database as the rest of the site's data? (i.e. news stories, blogs etc.)

    2. Is it possible to limit a MySQL user's access to a couple of tables? For example, the hypothetical page 'edit_profile.php' might allow a user to change their email address - would it be possible to connect to the database using a login/password that is only allowed to edit the hypothetical table 'users'?

    3. How would you restrict a user from editing anything but "their" row in the hypothetical table 'users'? Would I just have to be vigilant with my PHP code in regard to the queries I write?

    Thanks in advance!

  2. #2
    falsealarm

    Why don't you utilize an existing framework for this? Download a publicly available script which has similar features to yours and see what they have done. WordpressMU is a multiuser blog script which serves a similar function as you are proposing. Check out what they have done as far as locking users down in tables, etc.

  3. #3
    ldivinag

    agree^^^^^^

    this is not a db issue, but an application one.
    leo d.
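
For questions 2 and 3 in the opening post, an added example (not posted by anyone in this thread): MySQL privileges can be scoped to a single table or to individual columns, but not to rows, so the "only their own row" rule is carried by the WHERE clause of a parameterized query. The database `blog`, its tables, the two account names and the password placeholders are hypothetical.

```sql
-- Hypothetical schema: one content table, one account table.
CREATE DATABASE IF NOT EXISTS blog;
CREATE TABLE IF NOT EXISTS blog.posts (
    id        INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    author_id INT UNSIGNED NOT NULL,
    body      TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS blog.users (
    id            INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    email         VARCHAR(255) NOT NULL,
    password_hash VARCHAR(255) NOT NULL
);

-- Account used by the pages that render and edit blog content.
-- It receives no privilege on blog.users, so a flaw in those pages
-- cannot read or change the credential table through this login.
CREATE USER 'blog_content'@'localhost' IDENTIFIED BY '<placeholder-password-1>';
GRANT SELECT, INSERT, UPDATE, DELETE ON blog.posts TO 'blog_content'@'localhost';

-- Account used only by edit_profile.php. Column-level grants: it may
-- read id and email and change email; it cannot read or overwrite
-- password_hash, and it cannot touch blog.posts.
-- SELECT on id is required because the UPDATE below filters on it.
CREATE USER 'blog_profile'@'localhost' IDENTIFIED BY '<placeholder-password-2>';
GRANT SELECT (id, email), UPDATE (email) ON blog.users TO 'blog_profile'@'localhost';

-- Check what each account really holds before deploying.
SHOW GRANTS FOR 'blog_content'@'localhost';
SHOW GRANTS FOR 'blog_profile'@'localhost';

-- Row scoping, run while connected as blog_profile. The id comes from
-- the server-side session of the logged-in user, never from a form
-- field or URL parameter; both values are bound, not concatenated.
USE blog;
SET @new_email  = 'new.address@example.com';  -- constructed sample value
SET @session_id = 42;                         -- constructed sample value
PREPARE update_own_email FROM
    'UPDATE users SET email = ? WHERE id = ?';
EXECUTE update_own_email USING @new_email, @session_id;
DEALLOCATE PREPARE update_own_email;
```

From PHP the same statement would be issued through a prepared statement in PDO or mysqli, with the id bound from the session.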

