[SLUG] PHP/MySQL security

From: Paul M Foster (paulf@quillandmouse.com)
Date: Wed Sep 21 2005 - 01:03:24 EDT


I'm analyzing a site that we're taking over from someone else. Heavy use
of PHP and MySQL. Many of the pages allow people at the company to add,
delete and change items in the MySQL tables. When someone logs in to get
to this section of the site, PHP queries the MySQL tables to determine
if this person has the appropriate privileges, and shows them the page
they've requested.

But here's the thing: at the top of every page, PHP queries the MySQL
tables _again_ to determine if the user (passed in session variables)
has the appropriate privileges, etc. Isn't there a simpler, less costly
(computer time) way to do this? Seems like there ought to be some way to
pass a session variable (or something) along and query that in each
page, without having to go back and check the tables for privileges each
time you load a page.

Any ideas?

-- 
Paul M. Foster
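
One way to do what the post asks, as an added example that is not part of the original message: keep the privilege list in the server-side session and re-read the table only after a time limit, so a revoked privilege stops working within that window. The table and column names (user_privs, user_id, priv), the 300-second limit and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example. Names (user_privs, user_id, priv) and PRIV_TTL are assumptions.
const PRIV_TTL = 300; // seconds a cached privilege list is trusted before re-reading the table

// Read the user's current privileges from the database (the expensive step).
function load_privileges(PDO $db, int $userId): array
{
    $stmt = $db->prepare('SELECT priv FROM user_privs WHERE user_id = ?');
    $stmt->execute([$userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Per-page check: queries the database only when the cached list is missing or stale.
function has_privilege(PDO $db, array &$session, string $needed, ?int $now = null): bool
{
    $now = $now ?? time();
    if (!isset($session['user_id'])) {
        return false; // not logged in: deny
    }
    $fresh = isset($session['privs'], $session['privs_at'])
        && ($now - $session['privs_at']) < PRIV_TTL;
    if (!$fresh) {
        $session['privs'] = load_privileges($db, (int) $session['user_id']);
        $session['privs_at'] = $now;
    }
    return in_array($needed, $session['privs'], true);
}

// Constructed demo data: SQLite in memory stands in for the site's MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_privs (user_id INTEGER, priv TEXT)');
$db->exec("INSERT INTO user_privs VALUES (7, 'edit_items')");

$session = ['user_id' => 7]; // on a real page: $_SESSION after session_start()
$t0 = 1000000;               // constructed clock value so the demo is repeatable

// First request: cache is empty, so the table is read and the result cached.
var_dump(has_privilege($db, $session, 'edit_items', $t0));
// An administrator revokes the privilege.
$db->exec('DELETE FROM user_privs WHERE user_id = 7');
// Within PRIV_TTL: answered from the session, the revocation is not yet seen.
var_dump(has_privilege($db, $session, 'edit_items', $t0 + 60));
// After PRIV_TTL: the table is re-read and the revocation takes effect.
var_dump(has_privilege($db, $session, 'edit_items', $t0 + 301));
```

The cached list has to live in PHP's server-side $_SESSION, never in a cookie or form field the browser can edit. A shorter PRIV_TTL costs more queries and shortens the time a revoked privilege stays usable.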