----- Original Message ----- From: "Melanie Phair" <[EMAIL PROTECTED]>
> I can add users ok but as they all have the same rights by > default there doesnt seem much point apart from tracking etc. > > All the books that I have read make a big thing about > restricting the rights of users but perhaps this isn't so > important when the database is accessed through an > interface and not directly. Well - for example you probably have data on your Web site that most visitors should only be able to read, but not alter... so you might want most pages connecting with a userid that has only read access. Then if there was any error or hack that gave someone that username and password they couldn't change or delete the data. Still in most cases it shouldn't matter, because usually the user can only do what you have coded the page to do, unless they have some exploit where they can inject SQL into a form field or something; if it was really, really important to protect the database and restrict access ( = a lot of $$$ at stake ) then the cost of running a dedicated server would be a small price to pay. Bj ____ � The WDVL Discussion List from WDVL.COM � ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
