On Wed, June 16, 2010 14:47, Don Cohen wrote: > Daevid Vincent writes: > > > For the love of God and all that is holy, > > do NOT put the user/pass on the URL like that!!!!!! > What's so unholy (or even unwise) about it? The username and password shows up in logs on the server and in the browser's cache since it is part of the page's "address". Anyone who has access to either will get them. Remember, browser's cache history. > > Or use "mod_auth_mysql" to maintain your 'authorized' users to your > page. > Why is this so much better? > In my case it's worse cause I don't want this to be interactive. > I want to install something on a user's machine that will access his > data without him having to do anything. The url is to be used by > a program, not a person on a browser. > > > And as Adam beat me to, use a VIEW to expose ONLY the columns and joins > you > > want. This is also a good time to normalize the data and column names > so > > that you don't expose what their internal names are. > So far I don't like this solution. > > > But also has he said, I don't see what you're trying to accomplish. If > I'm trying to let a large number of users each access his own data > and not everyone else's in a very flexible way, in particular, > allowing selection using functions, aggregations, filters. > > > someone is technically literate to format SQL statements, then just > give > > them a read-only account to the mysql (or view) directly. Let them use > > their own GUI tool like SQLYog or whatever -- it will be far more > robust > > than anything you can write yourself. > In this case there may be a lot of users but the queries are likely to > be written by a small number. > > > If you're trying to do some "reports", then just code up the reports > and > > use select boxes for the options you want someone to choose. Use jQuery > and > > table_sorter plugin and you're done. > I can't predict what options will be needed. > And this seems much easier. > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: http://lists.mysql.com/mysql?unsub=mussa...@csz.com > >
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
