Unanswered: Controlling of MySQL users' password and ACL through PHP
Hullo to all,
I'm not sure where to post this question, but hopefully this is the correct forum
I'm creating a PHP application that has multiple users in a multiple roles. Each role's ACL to the database can defined dynamically through my application. So, for a change of a role's ACL, my application would connect to all MySQL databases that we have, change the ACL for each of the users in the role. Also, for any user or role deletion/addition, change password etc, connection to databases are neccesary.
From my opinion, this is not a good idea to implement, but it's decided by the top management. I can't find a way to argue this other than it's difficult to code and maybe buggy. There are many situation that might pose problem. For example, what if one of the database is down? etc...
What is so bad of having a single database login anyway??? I find it easier, because I would not make so much connection to the database (compared to a single connection for each of the users logged in).