[nycphp-talk] accessing phpmyadmin as different users
Tim Gales
tgales at tgaconnect.com
Fri Oct 17 14:37:31 EDT 2003
Nestor,
If I understand you -- you want to let different users
access mySQL through phpAdmin.
What throws me is when you say it would be nice if different
users could have different access based on their login.
Consider the following:
In the user table you have something like this:
Host User Password Select_priv Insert... Delete...
---- ---- -------- ----------- --------- ---------
localhost root md5_password Y Y Y
www.ur.com you md5_password y Y N
and in the database table you have:
Host Db User Select_priv Insert_priv
---- --- ----- ----------- -----------
www.ur.com data you Y N
The above would allow 'you' to login to mySQL database from
www.ur.com and select and insert -- but not delete.
Even though 'you' can log in with insert privileges 'you'
won't be able to insert into the 'data' database.
The security system works on a combination of user and host
as detailed in the mySQL manual.
If you look at the 'tables_priv' and the 'columns_priv'
tables in the 'mysql' database you will see that there are
opportunities to get pretty fancy with who's allowed to do
what.
I have to admit I have never used phpadmin except as a root
user with total privileges. But I find it hard to believe
that phpadmin operates outside the regular mySQL security
framework. I doubt if phpadmin circumvents or constricts the
general security features of mySQL.
This means you should be able to put your own 'happy face'
on phpadmin -- and you shouldn't have to post variables to
it from a form.
T. Gales & Associates
Helping People Connect with Technology
http://www.tgaconnect.com
-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Nestor
Florez
Sent: Friday, October 17, 2003 12:11 PM
To: NYPHP Talk
Subject: [nycphp-talk] accessing phpmyadmin as different
users
I am trying to access phpmyadmin as diferent users by having
a login webpage
that ask for the userid and password and then passing it to
index.php. In the
config.inc.php I change the code to look like this:
$cfg['Servers'][$i]['user'] = $_GET['userid'];
$cfg['Servers'][$i]['password'] = $_GET['pwd'];
But when I try this I get an error:
========================================================
Error
MySQL said:
Access denied for user: 'ODBC at localhost' (Using password:
NO)
========================================================
If I change the code to :
=========================================
$cfg['Servers'][$i]['user'] = 'view';
$cfg['Servers'][$i]['password'] = 'view';
=========================================
It works. This is the same userid and pwd I am passing from
my login page
Any ideas?
This tool is great but it would much easier if we could set
it up to allow for users to login
and according to their user and pwd they would have access
to different DB's and tables
according to the permissions that were granted to them..
Thanks,
Nestor :-)
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list