Advice on a system

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by DefecTalisman, Jan 25, 2008.

  1. DefecTalisman

    DefecTalisman Community Advocate Community Support

    Messages:
    4,148
    Likes Received:
    5
    Trophy Points:
    38
    I have created a login/authentication system as mention in on of my earlier posts.

    The system grants privileges to the users on the db according to a table that contains the privileges to be granted in the rows and the columns hold the tables that they should be granted on. So far I have created a user that I call guest that has "SELECT" granted to this table. So there should be no need for any admin password being passed around. I know that this isn't ideal when there are alot of users as now the script has to check the permissions for that user, icreasing the time it takes to finish the script(fractional difference). When the user signs up they get qued and a cron script creates the account and logs all the nitty grittys in the db.

    What I would like to know is :


    Is this advisable, what downfalls can I expect ?
     
  2. Fahad

    Fahad Guest

    I would use SQL accounts. This way, even if your script is compromised, the SQL account permissions still hold. People log on without the script using your password at all.
     
  3. DefecTalisman

    DefecTalisman Community Advocate Community Support

    Messages:
    4,148
    Likes Received:
    5
    Trophy Points:
    38
    Thats what I have done and tried to explain in the above. The permissions are kept in the db and a guest user is granted SELECT on it.
    I am now thinking about having separate users for the various crons that need to run and only granting permissions to the tables they need for them. So the only superuser username and password being used are entered by admin whilst doing something to the system.

    At the moment I am trying to get my head around the best way to manage content on the site.
    Am at a point where I think I am going to go for all the content being stored in the db with an id. Anyways lots of work to be done.
     

Share This Page