[Phpmyadmin-devel] Re: new auth
Olivier M.
qmail at orion.8304.ch
Fri Nov 9 08:34:02 CET 2001
On Fri, Nov 09, 2001 at 04:34:24PM +0100, Loïc wrote:
> >use an home-made session system? This is not an
> >hard thing: it would just require a mysql table.
>
> I've started to work again on this but am facing a first problem.
> Let's say only the standard user may use the session table.
> Once the user is logged into, his login/password must be
> stored into this session table and the standard user must be
> able to get them, you know the standard user I've just removed
> every priv. on the "Password" column from the "mysql.user" table in order to
> improve security..... :(
mmm, if you can't look at the password column field, how can you check
if the password is correct ? I don't get the point here :)
> >it would just require a mysql table.
> >(id, session_id, username, db, passwd, ip, expiration, timestamp)
>
> Hum why:
> - id and session_id?
mmm, forget id, it's just a standard field in all my tables
(using mysql classes to access the data).
> - db (no very usefull without hostname and table name at least)?
was just a 2 min draft... with db I meant the db number from
$cfgServers[1], $cfgServers[2], etc...
> - expiration and timestamp?
expiration: to allow automatic deletion of session after a
defined time limit
timestamp: for admin information, to see last action
Olivier, from the first snowy day of the winter :)
--
_________________________________________________________________
Olivier Mueller - om at 8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
More information about the Developers
mailing list