SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict kivison's Avatar
    Join Date
    Dec 2004
    Location
    Whitley Bay, Tyne & Wear, UK
    Posts
    246
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    2 DB users in website

    Hi All

    I am creating a site which requires a strong log in and security system. I have the script sorted out for this which can protect against SQL injections, brute force etc however my question is, one of the preventions against SQL injection is to not use a DB user that has delete rights and so I would like to sign the user in with a DB user that has create insert and update rights to add a line into a table for log in attempts etc for instance but when the user is verified into the site they need to use the application so delete rights will needed so a user with full access needs to be used for the continued use of the application.

    Now, once the user is logged in, the protected pages have a routine that checks the user is authorised but that is after the login so the delete rights (in addition to the user rights that were used when logging in) make no difference to checking that the user is logged in but are important to the use of the web application.

    Is this something that the PHP coding will not error over (changing users after the initial page) or will I get into problems?

    Thanks in advance

    keith

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,147
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    Switching between x authentication profiles for the db connections based on different conditions seems pretty straight-forward to me.
    The only code I hate more than my own is everyone else's.

  3. #3
    SitePoint Addict kivison's Avatar
    Join Date
    Dec 2004
    Location
    Whitley Bay, Tyne & Wear, UK
    Posts
    246
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Post

    Thanks for the reply. I will see if i can run through it and post any issues.

    Diamond


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •