Re: Question about user management...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mar 11, 2008, at 10:42 AM, Philip Thompson wrote:

On Mar 11, 2008, at 12:20 AM, Mike wrote:

Wait, what?

You are defining user role ids as MD5 hashes of UUIDs created from random numbers that change on every request?

Am I missing something or is this completely insane advice?

I'm probably wrong on this, but I think the point is that it doesn't matter the actual value of the constants. As long as you're using that constant (which has a unique value on each request)... well, wait. Maybe I don't understand either. Ha!

I do understand the security aspect though. It's like a password that changes quite frequently - it would be, for all intensive purposes, impossible to guess.

Oh, I have an idea! Let's say your users are defined this way in the database:

user_level: ADMIN, GENERAL_USER, LEVEL_ONE_USER, etc...

Then run your comparison, e.g.:

if (defined ($user['user_level'])) { ... }

Maybe Tedd or Dan need to slap some sense into me, but that's one way I *think* you could implement it. =/

~Philip

Here's what I understood it to mean :) The numbers that I was using are unimportant.. It just needs to be consistent throughout the entire application. Ie if 50,000 = Root 50,000 has to ALWAYS equal root. in that same fashion if 0 = root 0 always has to be root. Both are just as valid, and it's just a matter of design.

I could also use a "Level1", "Level2" etc type setup... All of it works, and it's just semantics and programming styles. I don't believe that either way is any more secure then any other way... At least of what I have mentioned here...

If I'm wrong though, I'm open to suggestions! :)


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux