No. It is very common. I am sure it is setup such that only the user
defined can access the database defined and only from localhost. If
you do not give out the password and user, then it is secure. Of course,
it does require that you perform all of your user management in your
code, which is a pain. If you do not like that, then you really should
be using a full blown application server on your own host, as that will
provide you with fully container managed security in web services.
tim.
> Thanks for the help!
>
> But isn't it quite secureless??!!
>
>
> -----Message d'origine-----
> De : Joel Nelson [mailto:joelnelson@stripped]
> Envoy> > Objet : Re: Connexion from one user profil
>
>
> ----- Original Message -----
> > Hi people,
> >
> > It's for a web app.
> > My provider provides me only one user profil in the User table. I suppose
> > it's the super-user profil.
>
> That should be correct as a provider will usually only give you ONE user on
> only ONE database.
>
> > In order to permit a client to access the database with the right of
> select,
> > update, insert and delete for the front office (the real web site) and in
> > order to food the database, modify a state for a command... for each
> person
> > who works in the society (back office), I create two tables: PROFIL +
> > UTILISATEUR (user).
>
> I think this is where you may be confused. Since you don't have access to
> the
> real USER table you cannot create any new users with specific right to the
> database. You can create your on UTILISATEUR table that your code checks
> and then your code must decide what database actions are allowed. But you
> will always access your data base with the one user your provider gave you
> and none other.
>
> > In the UTILISATEUR tables I intend to create a user 'Visitor', password:
> > Visitor, a user Administrator with all privileges, a user operator with
> the
> > privilege only on the ARTICLE products...
>
> As I stated above, all priveleges will have to be handled in your own code.
>
> > But I don't see the way to assign the rights. I know the command:
> > "GRANT SELECT, INSERT, UPDATE, DELETE ON DB_Install.CLIENT TO
> > Visitor@localhost IDENTIFIED BY password"
>
> As I stated above, I think you'll be understanding by now.
>
> > This instruction is entered from mysql client, but how must I grant a
> > specific profil inner the code ?
> > I repete that I dispose just one user profil into my provider.
> > I maybe don't understand the way a database is built.
>
> Hope this help!!
>
> Joel
>
>
> ---------------------------------------------------------------------
> Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
> posting. To request this thread, e-mail win32-thread6346@stripped
>
> To unsubscribe, send a message to the address shown in the
> List-Unsubscribe header of this message. If you cannot see it,
> e-mail win32-unsubscribe@stripped instead.
>
