Re: [SLUG] PHP/MySQL security

From: Mavrick (icebergwaltz@gmail.com)
Date: Wed Sep 21 2005 - 08:56:08 EDT


On 9/21/05, Paul M Foster <paulf@quillandmouse.com> wrote:
>
> I'm analyzing a site that we're taking over from someone else. Heavy use
> of PHP and MySQL. Many of the pages allow people at the company to add,
> delete and change items in the MySQL tables. When someone logs in to get
> to this section of the site, PHP queries the MySQL tables to determine
> if this person has the appropriate privileges, and shows them the page
> they've requested.
>
> But here's the thing: at the top of every page, PHP queries the MySQL
> tables _again_ to determine if the user (passed in session variables)
> has the appropriate privileges, etc. Isn't there a simpler, less costly
> (computer time) way to do this? Seems like there ought to be some way to
> pass a session variable (or something) along and query that in each
> page, without having to go back and check the tables for privileges each
> time you load a page.
>
> Any ideas?
>
> --
> Paul M. Foster

Paul:

We have been playing with the LAMP (Linux, Apache, MySQL, PHP) configuration
here at work for a database that tracks inventory, employee info, online
trouble tickets, etc. and have found that handling authentication using
Apache 2.0 is simpler and more robust than using MySQL itself. Having the
user authenticated by Apache allows MySQL to do what it does best, and that
is just be a database. While the PHP code that I have written accesses the
database under a specific MySQL username, and that user has tightly
controlled permissions within MySQL, the access to the directories that
hold the web pages is controlled by Apache.

If you are using Apache you have a choice: you can use Basic Authentication
(.htaccess) on a file-by-file basis, or you can use global access settings
in the .conf file on a directory-by-directory basis. The second method is
preferred according to the Apache docs (http://httpd.apache.org/docs/2.0/).
This would authenticate your user at the beginning of their use of the
database and there would be no need to reauthenticate at the top of each
page. Once they are done, they exit out, and if they need to use it again
they simply have to start a new session and log in again.

I know your post did not indicate which web server you were using, but I
have found this method to work so far. I am by no means an authority on the
subject, I just have some experience with this particular setup. I hope this
helps.

Cheers, Mav
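The directory-level setup Mav describes, written out as an added example (this is not configuration from the original post or from either poster's site). It assumes a protected directory of /var/www/intranet and a credential file at /etc/httpd/intranet.htpasswd; both paths are placeholders.

```apache
# Added example, not from the original post: per-directory Basic
# Authentication configured in httpd.conf (Apache 2.0) rather than in a
# .htaccess file, which is the method the reply says the Apache docs prefer.
# Assumed paths: /var/www/intranet holds the PHP pages that edit the tables;
# /etc/httpd/intranet.htpasswd is the credential file, deliberately kept
# outside DocumentRoot so it can never be served as a page.
#
# Create the credential file once, with the htpasswd tool shipped with Apache:
#   htpasswd -c /etc/httpd/intranet.htpasswd paulf
# (omit -c when adding further users to an existing file)

<Directory "/var/www/intranet">
    AuthType Basic
    AuthName "Inventory and Trouble Tickets"
    AuthUserFile /etc/httpd/intranet.htpasswd

    # Either let in every account in the file ...
    Require valid-user
    # ... or, with a group file of the form "staff: paulf mav", restrict
    # to one group by replacing the line above with:
    #   AuthGroupFile /etc/httpd/intranet.groups
    #   Require group staff

    # Ignore any .htaccess dropped into this tree, so a writable
    # directory cannot be used to loosen these rules.
    AllowOverride None
</Directory>
```

With this in place the PHP pages no longer need their own login check; Apache has already refused any request that lacked valid credentials, and a script that wants the account name can read it from `$_SERVER['REMOTE_USER']`. Two things to keep in mind: Basic Authentication has no server-side session, the browser simply resends the (base64-encoded, not encrypted) credentials with every request until it is closed, so the directory should be served over HTTPS; and this only decides who may reach the pages, so the MySQL account the PHP code connects with should still be granted only the privileges those pages need.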

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:09:00 EDT