Hi all, I'm an almost total newbie of mysql. I'd like to permit various users to access my db and modify it, but I don't want to create a lot of users because I fear I might have problems with a lot of users (or is the user table like any other table in mysql? I mean how many users can mysql handle?).
However I was thinking to create just one shared user, and then to impose a control on the queries from the various users: in practice everytime they make a query using their shared credentials they must also supply in the query two fields with an additional username and password, if the both match against a table of usernames/passwords previously created the query can be executed, otherwise discarded. Is this possible?
If you go with the shared user concept keep in mind security. At a minimum do not store the password in plain text. Use some kind of hash. That way your passwords a more secured against hacker attacks.
To check if the shared user password matches, create the hash for the shared user password. Then perform a query against the database for the username and just check if the two password hashes are identical. If they are, give the user an authentication token.
select hashedPassword from users where username=?
,,, rest of code ,,
As far as how many user MySQL can easily take a look here.