NYCPHP Meetup

NYPHP.org

[nycphp-talk] accessing phpmyadmin as different users

Tim Gales tgales at tgaconnect.com
Fri Oct 17 14:37:31 EDT 2003


Nestor,

If I understand you -- you want to let different users
access mySQL through phpAdmin.

What throws me is when you say it would be nice if different
users could have different access based on their login.

Consider the following:

In the user table you have something like this:

Host      User  Password     Select_priv Insert... Delete...

----      ----  --------     ----------- --------- ---------
localhost  root md5_password       Y        Y        Y   
www.ur.com you  md5_password       y        Y        N

and in the database table you have:

Host         Db    User         Select_priv  Insert_priv 
----         ---   -----        -----------  -----------
www.ur.com   data  you               Y           N

The above would allow 'you' to login to mySQL database from
www.ur.com and select and insert -- but not delete.

Even though 'you' can log in with insert privileges 'you'
won't be able to insert into the 'data' database.

The security system works on a combination of user and host
as detailed in the mySQL manual.

If you look at the 'tables_priv' and the 'columns_priv'
tables in the 'mysql' database you will see that there are
opportunities to get pretty fancy with who's allowed to do
what.

I have to admit I have never used phpadmin except as a root
user with total privileges. But I find it hard to believe
that phpadmin operates outside the regular mySQL security
framework. I doubt if phpadmin circumvents or constricts the
general security features of mySQL.

This means you should be able to put your own 'happy face'
on phpadmin -- and you shouldn't have to post variables to
it from a form.  

T. Gales & Associates
Helping People Connect with Technology
http://www.tgaconnect.com

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Nestor
Florez
Sent: Friday, October 17, 2003 12:11 PM
To: NYPHP Talk
Subject: [nycphp-talk] accessing phpmyadmin as different
users

I am trying to access phpmyadmin as diferent users by having
a login webpage 
that ask for the userid and password and then passing it to
index.php. In the 
config.inc.php I change the code to look like this:

$cfg['Servers'][$i]['user'] = $_GET['userid'];
$cfg['Servers'][$i]['password'] = $_GET['pwd'];

But when I try this I get an error:
========================================================
Error

MySQL said:

Access denied for user: 'ODBC at localhost' (Using password:
NO)
========================================================

If I change the code to :
=========================================
$cfg['Servers'][$i]['user'] = 'view';
$cfg['Servers'][$i]['password'] = 'view';
=========================================

It works. This is the same userid and pwd I am passing from
my login page

Any ideas?

This tool is great but it would much easier if we could set
it up to allow for users to login 
and according to their user and pwd they would have access
to different DB's and tables 
according to the permissions that were granted to them..

Thanks,

Nestor :-)


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk




More information about the talk mailing list