09-28-06, 19:02 #1Registered User
- Join Date
- Sep 2006
Unanswered: Need some serious advices on login/auth.
Hello everyone! I really need some advices on this...
What I'm trying (hopefully it won't be a try for too long) to do is :
A MySQL database running on a distant server containing all the data of the company. Some web pages mainly showing queries to the customers. AND a software allowing employees to create, modify or delete information in the database.
What is working :
The database. The web pages. The software.
My problem :
The authentification on the software side!
Requirements to meet :
The user must only have to enter his password.
That would be a lot better if it was possible not to play with adding/deleting mysql users all the time.
3 ways I thought :
1. By MySQL login... Each employee would need his MySQL username and password, I don't like this too much... because they can't only use the password (or else the software should know the passwords and corresponding user names.. what is obviously not a good idea).
2. By Employee table login... The software has one username/password and allows only people recognized by the database to access and play with the information. I think this is a nice idea.. but risked if someone gets the username and the password... I like this idea because it allows the user to only enter his password and does only require from me to add the employee in the Employee table (no need for mysql user ... and anything else).
3. Well.. thought there was maybe something to do with the server firewall and MAC addresses or something, but that's becoming complicated... forget it.. if it's not THE best idea.
Well you see.. the 2nd idea is what looks good to me, but there's still a little risk...
Please let me know how do you proceed or how should I proceed according to you.
Many thanks in advance.. I'm waiting for that problem to be solved before I can continue my work!
09-29-06, 06:50 #2Jaded Developer
Provided Answers: 59
- Join Date
- Nov 2004
- out on a limb
whats the client / front end? if its a windows front end then you may be able to get access to the network logon
One of the shortcomings of the MySQL security model that I have seen so far is tha lack of the security group concept
In any event I dont think that there will ever be a way round the requiremnt to add a user and password (even if blank) to the db. you may be able to circumvent some of the user requriements if you can use LDAPI'd rather be riding on the Tiger 800 or the Norton