Hello everyone! I really need some advices on this...
What I'm trying (hopefully it won't be a try for too long) to do is :
A MySQL database running on a distant server containing all the data of the company. Some web pages mainly showing queries to the customers. AND a software allowing employees to create, modify or delete information in the database.
What is working :
The database. The web pages. The software.
My problem :
The authentification on the software side!
Requirements to meet :
The user must only have to enter his password.
That would be a lot better if it was possible not to play with adding/deleting mysql users all the time.
3 ways I thought :
1. By MySQL login... Each employee would need his MySQL username and password, I don't like this too much... because they can't only use the password (or else the software should know the passwords and corresponding user names.. what is obviously not a good idea).
2. By Employee table login... The software has one username/password and allows only people recognized by the database to access and play with the information. I think this is a nice idea.. but risked if someone gets the username and the password... I like this idea because it allows the user to only enter his password and does only require from me to add the employee in the Employee table (no need for mysql user ... and anything else).
3. Well.. thought there was maybe something to do with the server firewall and MAC addresses or something, but that's becoming complicated... forget it.. if it's not THE best idea.
Well you see.. the 2nd idea is what looks good to me, but there's still a little risk...
Please let me know how do you proceed or how should I proceed according to you.
Many thanks in advance.. I'm waiting for that problem to be solved before I can continue my work!
Max J.
dBforums
>
Need some serious advices on login/auth.
09-28-06, 19:02
Linear Mode
