HELP! Password & Userid when client connects through my ASP-pages

Tore

Technical User
May 18, 2001
29
NO
Hi. I'm new to mySql.

I'm about to launch a site in a month or so.

I'm looking for a good and secure way to let my customers access the mySql database through my ASP-pages.

They will have to be able to Select, Insert, Update and Delete records in the database through my ASP-pages.

I have read the mySql reference manual and have understood that I have to grant "Select, Insert, Update and Delete" privileges to these users (user).

But how do I deal with connecting the users to the mySql database? I would really rather not create a new user for each of my customers if I do not have to!!!

Should I create one user in the database with the privileges mentioned above and set the parameters in the .my.cnf file like this (if the user was online-asp-users and the password was the-password)?

[client]
host=host_name
user=online-asp-users
password=the-password

And in my ASP-pages that need to interact with the database use this connection string:
BUT NOT GIVING THE uid and pwd parameters...
Will this work? Or are there other, better ways to let my customers access the database through ASP-files, without creating a different user and user privileges in the mySql database for each of my customers? (I have another table for customers, and in it a userid and password for each customer.)

<%@ LANGUAGE="VBSCRIPT" %>
<%
' Connection string without uid and pwd parameters
strConnection = "driver={MySQL};server=host_name;database=THE_MYSQL_DB;option=NUM"
Set adoDataConn = Server.CreateObject("ADODB.Connection")
adoDataConn.Open strConnection
%>

(I will have my mySql database on an ISP that uses a linux server.)

Tore
 
Hi. Imagine it like this: the connection you use in your ASP-pages is a 'client' to the database, not your clients. You may want to give each of your customers a password and a username, and give them access to their data based on user verification, but that has nothing to do with the UID and password you supply when connecting ASP to mySQL.

In other words: you would grant Select, Insert, Update and Delete rights to ASP_user, i.e. the connection you use to connect ASP to mySQL, but not to all of your customers individually. And you would write your own routines to give each of your customers the ability to manage their data, based on the password and username (or cookie, or IP-address) they supply. These passwords and usernames can be stored anywhere, but (preferably) not in the 'user' table in the 'mysql' database.

Greetz,

Joachim Kruyswijk
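
The split described in the answer above, as an added example that is not part of the original thread: one application connection holds the database rights, while customers are verified against the application's own table and every statement is scoped to the verified customer. It assumes Python with an in-memory SQLite database standing in for the ASP/MySQL pair; the table names, function names and the PBKDF2 password hashing are hypothetical choices made for this example.

```python
import hashlib, hmac, os, sqlite3

def hash_password(password, salt=None):
    # PBKDF2 is this example's choice; the thread names no hashing scheme.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def open_app_connection():
    # Stand-in for the single ASP_user connection. With MySQL, only this account
    # is granted SELECT, INSERT, UPDATE and DELETE; customers get no DB account.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                                salt BLOB, pw_hash BLOB);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT);
    """)
    return db

def add_customer(db, username, password):
    salt, digest = hash_password(password)
    cur = db.execute("INSERT INTO customers (username, salt, pw_hash) VALUES (?, ?, ?)",
                     (username, salt, digest))
    return cur.lastrowid

def authenticate(db, username, password):
    """Return the customer id if the credentials match, otherwise None."""
    row = db.execute("SELECT id, salt, pw_hash FROM customers WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    _, digest = hash_password(password, row[1])
    return row[0] if hmac.compare_digest(digest, row[2]) else None

def list_orders(db, customer_id):
    # customer_id comes from authenticate(), never from a request parameter.
    return [r[0] for r in db.execute(
        "SELECT item FROM orders WHERE customer_id = ? ORDER BY id", (customer_id,))]

def delete_order(db, customer_id, order_id):
    # The ownership check is part of the statement; returns rows actually deleted.
    cur = db.execute("DELETE FROM orders WHERE id = ? AND customer_id = ?",
                     (order_id, customer_id))
    return cur.rowcount

if __name__ == "__main__":
    db = open_app_connection()
    alice = add_customer(db, "alice", "constructed-pw-1")  # constructed sample data
    db.execute("INSERT INTO orders (customer_id, item) VALUES (?, ?)", (alice, "widget"))
    print(list_orders(db, authenticate(db, "alice", "constructed-pw-1")))
```
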
 