Re: [PHP] Common way to store db-password of open session?

On Sun, 2011-12-04 at 17:59 +0100, Andreas wrote: > Am 03.12.2011 23:54, schrieb Tamara Temple: > > If you give every application user a unique set of database access > > permissions, that means that any one of those users can access your > > data base WITHOUT going through your application if t

Re: [PHP] Common way to store db-password of open session?

On 4 Dec 2011, at 16:59, Andreas wrote: > Am 03.12.2011 23:54, schrieb Tamara Temple: >> If you give every application user a unique set of database access >> permissions, that means that any one of those users can access your data >> base WITHOUT going through your application if they manage to

Re: [PHP] Common way to store db-password of open session?

Am 03.12.2011 23:54, schrieb Tamara Temple: If you give every application user a unique set of database access permissions, that means that any one of those users can access your data base WITHOUT going through your application if they manage to get access to your data base server. Is that clea

Re: [PHP] Common way to store db-password of open session?

To put it another way - your appl should control the access that a user has - different screens/functions available depending upon the signon credentials. The entire application's sql use (or all 'users' of the database) should have a minimal number of user ids associated with it - both to mak