4 messages in com.mysql.lists.win32: Fwd: Re: Allowing users to change the...

| From | Sent On | Attachments |
|---|---|---|
| Quincy Yarde | 25 Feb 2002 07:45 | |
| Quincy Yarde | 25 Feb 2002 11:37 | |
| Henrik Lantz | 25 Feb 2002 11:39 | |
| Quincy Yarde | 25 Feb 2002 12:20 | |

| Subject: | Fwd: Re: Allowing users to change their passwords-policy |
|---|---|
| From: | Quincy Yarde (QYa...@cariaccess.com) |
| Date: | 02/25/2002 11:37:57 AM |
| List: | com.mysql.lists.win32 |

My other question is that for the end users - some users will have more privileges on a mysql table than others; for example, John will have the privilege to delete from table1 whereas Susan can only update and select information. Does your suggestion mean then that I as the developer will have to build an interface to manage these privileges?

-----Original Message-----
From: Henrik Lantz <h.o....@chello.nl>
To: "Quincy Yarde" <QYa...@cariaccess.com>
Date: Mon, 25 Feb 2002 16:55:11 +0100
Subject: Re: Allowing users to change their passwords-policy

Hi Quincy,
The solution to this problem is to not place your end users in the mysql.users table, but instead to create a separate user table for your particular application. In mysql.users, you create ONE user that is allowed to access your application (complete with the limitations you want in the other grant tables) and have your application always use this username/password combo to connect.
The next step is to set up authentication within your application. Create a table within your application database, called for example "users", where you store end-user usernames and passwords and also provide the users an interface to modify their accounts. I have done this for several applications based on MySQL and I find it the safest (and most convenient) way to do it. It prevents your mysql.users table from filling up with user accounts that you have no way of managing. :)
Good luck, and let me know if you need more input!
Regards, Henrik
At 11:46 25-02-02 -0400, you wrote:
One security aspect when using mysql is to restrict users' access to the mysql database. However, I think, subject to correction, that for a database user to change their password, they need to have access to the mysql database and the user table.
My question is how do I allow users to change their password at will without compromising security of mysql database by giving them access to the mysql database?
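An added illustration of the application-level design discussed in this thread (not code from either poster): end users live in the application's own "users" table, a user changes only their own password after proving the old one, and the per-user rights on table1 become rows the application checks before running a statement. Assumptions: sqlite3 stands in for the connection the application makes with its single MySQL account, and the `app_privileges` table, the function names, the salted PBKDF2 storage and the sample users are all hypothetical.

```python
import hashlib, hmac, os, sqlite3

# Stand-in (assumption) for the one connection opened with the application's
# single MySQL account; end users exist only as rows in these tables.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
CREATE TABLE app_privileges (username TEXT, tbl TEXT, op TEXT,
                             PRIMARY KEY (username, tbl, op));
""")

def _hash(password, salt):
    # Salted PBKDF2 (assumption): the table never holds a recoverable password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(username, password, grants):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))
    db.executemany("INSERT INTO app_privileges VALUES (?, ?, ?)",
                   [(username, tbl, op) for tbl, op in grants])

def check_password(username, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # Constant-time comparison of the stored and recomputed hashes.
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def change_password(username, old, new):
    # Only the account owner, proving the old password, can set a new one.
    if not check_password(username, old):
        return False
    salt = os.urandom(16)
    db.execute("UPDATE users SET salt = ?, pw_hash = ? WHERE username = ?",
               (salt, _hash(new, salt), username))
    return True

def is_allowed(username, tbl, op):
    # The application calls this before running a statement for the user.
    row = db.execute("SELECT 1 FROM app_privileges WHERE username = ?"
                     " AND tbl = ? AND op = ?", (username, tbl, op)).fetchone()
    return row is not None

# Constructed sample data mirroring the John/Susan case in the thread.
add_user("john", "old-secret", [("table1", "delete")])
add_user("susan", "s3cret", [("table1", "update"), ("table1", "select")])
```
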




