> I guess I'm not understanding this part of you dilemma.
OK, I'll explain it with more detail. I access mySql databases through the use of php scripts (that's sort of why I'm on this group). Let's say that my database contains some very valuable information collected over many years. I allow my users to view parts of the data overlaid on a map. I want them to only access the data through my web site (for a variety of reasons). Inside my Flash/AJAX/Javascript/whatever code, it isn't hard to see that my database is accessed with something like: http://www.myurl.com/access_my_data.php?id=1000&count=5 Using POST inside a Flash swf, etc. is similar in its ease of figuring out how to call the php script. So now a smart little hacker can write their own code to call my php script and grab my entire database. Sure, I can limit the "count" parameter above but that doesn't stop them from just calling the script thousands of times with smaller count values. This has nothing to do with directly accessing the database. I know that the mySql passwords are secure. All I'm trying to do is figure out a way to deny access of my php scripts from others. Since I'm going to require that my users log onto my system, I can use session variables to "validate" a user. But what stops a user from logging in (creating the session variables) and then running their own scripts to grab all of my data through my php access? Am I missing something so simple that no one has ever faced this before? ------------------------ Yahoo! Groups Sponsor --------------------~--> See what's inside the new Yahoo! Groups email. http://us.click.yahoo.com/2pRQfA/bOaOAA/yQLSAA/CefplB/TM --------------------------------------------------------------------~-> The php_mysql group is dedicated to learn more about the PHP/MySQL web database possibilities through group learning. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php_mysql/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
