tags:

views:

26

answers:

2
+1  Q: 

How do i prevent tampering using an admin flag?

Hello,

In my users table I have a true/false boolean flag which signifies whether the logged on user is Admin or not. Basically, even Admin and other users has access to database because it's a small college website. How do i ensure that general users don't modify the flag? Is storing admin flag a correct way of doing? If i keep password and username for database then also it's risky because other users even have access to website folder so they can refer to username and password in connection string.

Thanks in advance :)

+3  A: 

If they have full access to your database, editing the "admin flag" is the least of your problems. What's to stop them from editing everything else? Certainly not your admin flag.

Is storing admin flag a correct way of doing?

No, not even close. The proper way is to set up separate mysql users with only the limited permissions they need. Use file permissions to prevent people from reading the login info from the web folders.

Additionally you could use a .htaccess file to control access to the admin section.

bemace  2010-10-26 05:21:46
Basically, the only table i want to protect presently in the user table because it stores password of admin and the flag. Other things can be edited even by Admin(Head of department) and general users(faculties). Do you mean i should create role and add users to role?
Ankit Rathod  2010-10-26 05:36:51
A: 

Based on ur requirement u need to create role based application.

define types of users

and give different permissions to different users.

seed_of_tree  2010-10-26 05:48:37
@vasim :- That is not the problem. The original problem is access to the real database.
Ankit Rathod  2010-10-26 06:00:05

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL