Andreas <maps.on@xxxxxxx> wrote:

> On 29.11.2011 23:54, Tamara Temple wrote:
> > As I read it, the OP may be confusing application user logins and
> > the credentials used by the application to access the data
> > base. Individual application users should *NOT* have access directly
> > to the data base by having their individual credentials in the db
> > access list. The application should have a unique set of credentials
> > for accessing the database, and the only way users can gain access
> > to the database should be through the application. Do NOT store data
> > base credentials anywhere in the session or in cookies, either, as
> > that can give people access to your database as well.
>
> Actually the OP is trying to figure out why it is a good thing to
> have just one set of db credentials for the application instead of
> individual credentials for every user.
> The DBMS has a fine grained permission control system in place.
> The issue about this is I need to keep the user's dbuser and password
> in a session or cookie because I need it for every connection to the
> DB.

If you give every application user a unique set of database access
permissions, that means that any one of those users can access your data
base WITHOUT going through your application if they manage to get access
to your data base server.

Is that clearer? Your application's users should not be able to access
the data base directly. The application should be the thing to manage
the data base.

You may want to have different data base credentials for different user
*roles* (plain, privileged, admin roles, etc), but to give *every*
application individual data base unique credentials is not only
unnecessary, but also a security risk.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
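The pattern Tamara describes, sketched as an added example that is not code from the thread or from any poster: the application owns a small set of database accounts, one per application *role*, users authenticate to the application only, and the session holds just the user id and role, never a database password. The config path `/etc/myapp/db-roles.php`, the MySQL account names (`app_reader`, `app_writer`, `app_admin`), the `users` and `documents` tables and the DSN are all assumptions made for the example.

```php
<?php
// Added example (not from the mailing list thread). Assumptions: MySQL via
// PDO, a users table with an application-level `role` column, and per-role
// database credentials kept in a config file outside the web root.
declare(strict_types=1);

/**
 * Load per-role database credentials from a file only the web server can read.
 * Constructed example contents of the file:
 *
 *   return [
 *     'plain'      => ['user' => 'app_reader', 'pass' => '...'],
 *     'privileged' => ['user' => 'app_writer', 'pass' => '...'],
 *     'admin'      => ['user' => 'app_admin',  'pass' => '...'],
 *   ];
 */
function loadDbCredentials(string $path = '/etc/myapp/db-roles.php'): array
{
    $creds = require $path;            // hypothetical config file
    if (!is_array($creds)) {
        throw new RuntimeException('db credential config is malformed');
    }
    return $creds;
}

/**
 * Open a PDO connection with the credentials that belong to an application
 * role, never to an individual user. Each MySQL account is granted only the
 * privileges that role needs, so the DBMS still enforces least privilege.
 */
function connectForRole(string $role, array $creds): PDO
{
    if (!isset($creds[$role])) {
        throw new InvalidArgumentException("unknown role: $role");
    }
    $dsn = 'mysql:host=127.0.0.1;dbname=myapp;charset=utf8mb4'; // hypothetical
    return new PDO($dsn, $creds[$role]['user'], $creds[$role]['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * Application-level login: check the password against the hash stored in the
 * application's own users table, then record only the user id and role in
 * the session. No database password ever reaches the session or a cookie.
 */
function loginUser(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);       // new session id on privilege change
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['role']    = $row['role'];
    return true;
}

/**
 * Per-request helper: pick the connection from the role stored in the session.
 * A stolen session yields at most that role's access through the application,
 * never a database login the attacker can use elsewhere.
 */
function dbForCurrentUser(array $creds): PDO
{
    $role = $_SESSION['role'] ?? 'plain';   // unauthenticated requests get the weakest role
    return connectForRole($role, $creds);
}

// Usage (constructed): a login followed by a query on behalf of that user.
session_start();
$creds = loadDbCredentials();
if (loginUser(connectForRole('plain', $creds), $_POST['username'] ?? '', $_POST['password'] ?? '')) {
    $db   = dbForCurrentUser($creds);
    $stmt = $db->prepare('SELECT title FROM documents WHERE owner_id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    foreach ($stmt as $doc) {
        echo htmlspecialchars($doc['title'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

This keeps the benefit Andreas wants from the DBMS permission system (three accounts with distinct GRANTs) without handing each person a database login. Pair it with a database server that accepts connections only from the application host, which is what closes the "WITHOUT going through your application" path Tamara warns about.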