On Di, 1999-07-06 02:07:17 +0200, Benjamin Pflugmann wrote:
> > My rationale is that I'd like to have a kind of an "access right" to
> > the password field while denying read access of the whole column.
> Hm. Correct me, if I am wrong, but you would just make it a little bit
> harder to find out the value of password, but it is still relatively
Hi Benjamin, that's definitely true, and I'm aware of it! :)
> With this kind of access restriction you can figure out the
> value of a password field by doing some selects. Or did I miss your
> point and the purpose of your suggestion is security by obscurity?
Well, I wouldn't call it "security" ... but basically, yes. Just
blocking the obvious ways to get the password list.
Such an 'access only right' (in comparison to select right) would make
more sense securitywise if such access-only fields were restricted to
be used for example only in equality comparisons.
Anyway, Monty already answered me:
| Sorry no; There isn't any such access right. One could add this,
| but it wouldn't be really trivial...
And for the actual problem that I had (authentification in phpMyAdmin)
I found a better and really secure solution.
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=52 44 5E F3 B0 B1 38 26 E4 EC 80 58 7B 31 3A D7