List:General Discussion« Previous MessageNext Message »
From:Martin Ramsch Date:July 4 1999 5:48pm
Subject:more selective column privileges?
View as plain text  
Hello,

I have a DB user "userlookup" which only has the SELECT priviledge on
the columns mysql.user.user and mysql.user.password.

For the curious ones:
I need this DB user for the advanced authentification in Thomas Rat-
schiller's tool "phpMyAdmin" <URL: http://phpwizard.net/phpMyAdmin/ >
to check if a given DB user/pw is valid.

The query done by this DB user is:
  SELECT User,Password
  FROM   user
  WHERE  User='$PHP_AUTH_USER'
     AND Password=password('$PHP_AUTH_PW');

Sidenote: I can't just do a trial connection to the DB with the
  given user/pw, because at this stage I don't know yet to which
  database I have to connect ...
  Hmm, while I'm writing this it comes to mind that I just could
  connect to "test" DB that is always there.
  Anyway ...


My question is:

  Is it possible to restrict access to _only_ the field "User"
  while using other fields in the WHERE clause?

  Example:
     SELECT User From user WHERE User='abc' AND Password=PASSWORD('xyz')

  The contents of the password field never should be output, but used
  internally for the right selection.

  My rationale is that I'd like to have a kind of an "access right" to
  the password field while denying read access of the whole column.

Regards,
  Martin
-- 
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=52 44 5E F3 B0 B1 38 26  E4 EC 80 58 7B 31 3A D7
Thread
more selective column privileges?Martin Ramsch4 Jul
  • Re: more selective column privileges?Benjamin Pflugmann6 Jul
    • Re: more selective column privileges?Martin Ramsch6 Jul
  • Re: more selective column privileges?Sasha Pachev6 Jul