[Phpmyadmin-devel] Re: new auth

Olivier M. qmail at orion.8304.ch
Fri Nov 9 08:34:02 CET 2001


On Fri, Nov 09, 2001 at 04:34:24PM +0100, Loïc wrote:
> >use an home-made session system? This is not an
> >hard thing: it would just require a mysql table.
>
> I've started to work again on this but am facing a first problem.
> Let's say only the standard user may use the session table.
> Once the user is logged into, his login/password must be
> stored into this session table and the standard user must be
> able to get them, you know the standard user I've just removed
> every priv. on the "Password" column from the "mysql.user" table in order to
> improve security..... :(

mmm, if you can't look at the password column field, how can you check
if the password is correct ? I don't get the point here :)

> >it would just require a mysql table.
> >(id, session_id, username, db, passwd, ip, expiration, timestamp)
>
> Hum why:
> - id and session_id?

mmm, forget id, it's just a standard field in all my tables
(using mysql classes to access the data).

> - db (no very usefull without hostname and table name at least)?

was just a 2 min draft...  with db I meant the db number from
$cfgServers[1], $cfgServers[2], etc...

> - expiration and timestamp?

expiration: to allow automatic deletion of session after a
 defined time limit
timestamp: for admin information, to see last action

Olivier, from the first snowy day of the winter :)

-- 
_________________________________________________________________
 Olivier Mueller - om at 8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch  -  http://webmail.omnis.ch




More information about the Developers mailing list