9 Nov
2001
9 Nov
'01
11:34 a.m.
On Fri, Nov 09, 2001 at 04:34:24PM +0100, Loïc wrote:
mmm, if you can't look at the password column field, how can you check
if the password is correct ? I don't get the point here :)
mmm, forget id, it's just a standard field in all my tables
(using mysql classes to access the data).
use an
home-made session system? This is not an
hard thing: it would just require a mysql table.
I've started to work again on this but am facing a first problem.
Let's say only the standard user may use the session table.
Once the user is logged into, his login/password must be
stored into this session table and the standard user must be
able to get them, you know the standard user I've just removed
every priv. on the "Password" column from the "mysql.user" table in
order to
improve security..... :( it would just
require a mysql table.
(id, session_id, username, db, passwd, ip, expiration, timestamp)
Hum why:
- id and session_id? - db (no very usefull without hostname and table name
at least)?
was just a 2 min draft... with db I meant the db number from
$cfgServers[1], $cfgServers[2], etc...
- expiration and timestamp?
expiration: to allow automatic deletion of session after a
defined time limit
timestamp: for admin information, to see last action
Olivier, from the first snowy day of the winter :)
--
_________________________________________________________________
Olivier Mueller - om(a)8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch