
which users should I use for what application

Status
Not open for further replies.

Microbe

Programmer
Oct 16, 2000
607
AU
Hey folks,

Thanks in advance for any help here. I have a fair bit of experience with ASP/Access and am learning PHP/MySQL.

I have created an application that has a public area and an admin area.

Should I have a separate MySQL user connection for the public area versus the admin area? The public user would have read permissions only; the admin user would have read/write/execute.

Is this even necessary? It is leading to a little bit of confusion, but I am trying to learn good practices from the start... how am I going so far? :eek:)

Steve Davis
ttf(a)HaHaHa.com.au

Me? I can't even spell ASP!

NOTE: This sig does not include any reference to voting, stars, or marking posts as helpful as doing so is cause for membership termination.
 
Yes, if you have the ability to create users on the MySQL accounts, then do so. The more holes you have, the more likely that someone can exploit those holes.

In your post you refer to read/write/execute. Assuming public users only get select [and insert/update, maybe]. The admin could be given select, insert, update, delete, create but no more than what is absolutely needed to make things work.

This does not remove the need to write your code to limit the chances of exploits thru SQL injection or other methods.



Bastien

I wish my computer would do what I want it to do,
instead of what I tell it to do...
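
The public/admin split discussed in this thread, written out as MySQL statements. This is an added example, not part of either poster's message; the database, table and account names (`appdb`, `articles`, `comments`, `app_public`, `app_admin`), the `localhost` host and the passwords are assumptions chosen for illustration.

```sql
-- Added example: all names and passwords below are placeholders.
CREATE DATABASE appdb;

CREATE TABLE appdb.articles (
    id    INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(200) NOT NULL,
    body  TEXT NOT NULL
);

CREATE TABLE appdb.comments (
    id         INT AUTO_INCREMENT PRIMARY KEY,
    article_id INT NOT NULL,
    author     VARCHAR(100) NOT NULL,
    body       TEXT NOT NULL,
    approved   TINYINT(1) NOT NULL DEFAULT 0
);

-- One account per area, each bound to the host the PHP code connects from.
CREATE USER 'app_public'@'localhost' IDENTIFIED BY 'CHANGE_ME_public';
CREATE USER 'app_admin'@'localhost'  IDENTIFIED BY 'CHANGE_ME_admin';

-- Public area: read access, granted table by table rather than on appdb.*,
-- so a table added later is not exposed until it is granted explicitly.
GRANT SELECT ON appdb.articles TO 'app_public'@'localhost';
GRANT SELECT ON appdb.comments TO 'app_public'@'localhost';

-- The "insert, maybe" case: visitors may submit comments, but only into
-- these columns, so the public account cannot set `approved` itself.
GRANT INSERT (article_id, author, body)
    ON appdb.comments TO 'app_public'@'localhost';

-- Admin area: data changes on this one database only. No global (*.*)
-- privileges and no WITH GRANT OPTION. Add CREATE or EXECUTE only if the
-- admin pages really create tables or call stored routines.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON appdb.* TO 'app_admin'@'localhost';

-- Review what each account can actually do.
SHOW GRANTS FOR 'app_public'@'localhost';
SHOW GRANTS FOR 'app_admin'@'localhost';
```

With these grants, an injected `UPDATE` or `DELETE` that runs over the public connection is refused by the server, which limits the damage but does not replace parameterised queries in the PHP code.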
 
Thanks for that. It was what I was doing and I just wanted to be sure it wasn't overkill.

Steve Davis
ttf(a)HaHaHa.com.au

Me? I can't even spell ASP!

NOTE: This sig does not include any reference to voting, stars, or marking posts as helpful as doing so is cause for membership termination.
 