IN fact, i would like to have 2 profiles. 1 as common user : everybody should use this profile, to browse website and execute common queries. 1 as poweruser : this profile will require a logon in some ssl webpage. it is use to update/administrate database. for sure, people with poweruser profile should log-in, so they will type login and their password. however, the users profile do not have any reason to type login and password, they should only browse the website. their login and password will be only use to execute stored procedures/queries. that's why i would like to find a way how to secure it enough but login and password should come from somewhere. the application : a simple MySQL-PHP website for cosmetics services. (so prices, info, appointment reservation,..) does it help you ? Alain On 4/3/06, Chris <dmagick@xxxxxxxxx> wrote: > > Alain Roger wrote: > > Hi, > > > > I would like to use a secure way how my user is authenticated. > > For that i was thinking to use session and register his login and > password > > as session variable. Like that, when he will need to execute a query he > will > > not have to type again everything but application will do it alone. > > > > What do you think about that ? > > > > Moreover, it should exist a default user with which, everybody will be > able > > to execute some basic queries. > > > > i was thinking to store this login and password in hardcoding in some > text > > file that will be used at the first web page (some file that i will > include > > in my PHP code).... after everything will be managed by PHP sessions and > > variables. > > > > i know that hardcoding is not the best secured solution, but really > default > > user should not enter his login and password. So how can i do that ? > > What exactly is your application doing? We can't really give much advice > if we don't know what it's for. > > -- > Postgresql & php tutorials > http://www.designmagick.com/ >
