I have a DB user "userlookup" which only has the SELECT priviledge on
the columns mysql.user.user and mysql.user.password.
For the curious ones:
I need this DB user for the advanced authentification in Thomas Rat-
schiller's tool "phpMyAdmin" <URL: http://phpwizard.net/phpMyAdmin/ >
to check if a given DB user/pw is valid.
The query done by this DB user is:
Sidenote: I can't just do a trial connection to the DB with the
given user/pw, because at this stage I don't know yet to which
database I have to connect ...
Hmm, while I'm writing this it comes to mind that I just could
connect to "test" DB that is always there.
My question is:
Is it possible to restrict access to _only_ the field "User"
while using other fields in the WHERE clause?
SELECT User From user WHERE User='abc' AND Password=PASSWORD('xyz')
The contents of the password field never should be output, but used
internally for the right selection.
My rationale is that I'd like to have a kind of an "access right" to
the password field while denying read access of the whole column.
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=52 44 5E F3 B0 B1 38 26 E4 EC 80 58 7B 31 3A D7