Fwd: [PHP] user authentication

Tue, 11 Apr 2006 08:55:08 -0700 

 in fact no.

i can i have 1 MySQL database system profile "uimmense" to connect to
database.
and after via a PHP script to check if my user is registered into MY
database "immense" (checking profile and password).

if it's ok, so query or stored procedure can be executed, if not, connect to
DB is closed..

i was thinking to do such solution but i'm not so sure about security level
:-(

Alain


 On 4/11/06, Jay Blanchard <[EMAIL PROTECTED]> wrote:
>
> [snip]
> i'm sure that it's a stupid question but i would like to have your
> feedback
> on it.
>
> i have MySQL  with 2 users in the "mysql" database which are root and
> uimmense.
> i suppose that what i see in the password field is the sha1 crypted
> password.
>
> is it correct or not ?
>
> but lets continue...
> in fact, my web application should use a database named "immense".
> in this database, there is a table named "profiles".
> in this table, the login "uimmense" and its MD5 password are stored.
>
> the problem is :
> when i use mysql_connect('localhost','uimmense',myMD5password); to
> connect
> to MySQL database system, the connection is refused because the MD5
> password
> does not correspond to what is saved into users table within mysql
> database... :-(
>
> here is my question :
> all my users registered into my "immense" database, should be also
> registered as users of MySQL database system ? (which is stored into
> "users"
> table, into "mysql" database) ?
>
> is it clear ?
>
> i do not see really realistic if everytime that a new user is registered
> to
> my application, i have to create him a profile for MySQL database.
> [/snip]
>
> This is more suitable as a MySQL question. Having said that;
>
> If you wish the user to have permissions on the MySQL database then you
> must grant them permissions at which time they are added to the MySQL
> user's database. Once they are added you must then flush the privileges
> so that their permissions take effect. You can do this during
> registration by executing these queries if the PHP user has permissions
> to perform grants on the database. In all likelihood the PHP user (the
> user which the script runs as) does not have permission to perform
> grants.
>
> http://www.mysql.com/grant
> http://www.mysql.com/flush
>
>

Reply via email to