Authentication and Security - HTML

Any additional technologies added to Web publishing bring additional security concerns—database publishing is no exception. There are two things you need to be concerned with when adding a database to the mix: access to the database as a whole, and further restricting access for individual users.

Tools such as phpMyAdmin, although not very user-friendly, can help fill gaps in database administration.

In the case of MySQL, access is restricted per user, as seen in the user and password arguments required by the mysql_connect() PHP function. Each user is assigned its own rights to the data, and access can be granted or denied on a table-by-table basis. For a publishing system it is best to create a very limited user for general use. This user can be used by the scripts for general query access, but should have write, delete, and update access denied. This limits the exposure of the data: even if the general user's credentials are compromised, the data can only be queried, not overwritten or deleted.

For authors you could implement a tiered security structure as follows:

  • Protect the maintenance scripts by placing them in an area of the Web site that is only accessible by machines used by the authors or, better yet, is password-protected by the Web server.
  • Use a unique user account (author) for author-level database access, granting permission to the article database but restricting access to the categories and authors tables.
  • Use the authors table to uniquely identify each author, requiring the author(s) to log in using the credentials stored in the table. Additional code in the article maintenance script(s) can restrict authors from modifying articles that are not their own.
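The following MySQL statements are an added example of the tiered layout described above; they are not part of the original tutorial, and the database name (publishing), the account names (general, author), the table names and the column names (article_id, author_id) are assumptions.

```sql
-- Added example (not from the original tutorial): MySQL privilege layout for
-- the two-tier structure above. Database, table, column and account names are
-- assumed; replace the placeholder passwords before use.

-- Weak setting to avoid: one account with every privilege, shared by all scripts.
-- GRANT ALL PRIVILEGES ON publishing.* TO 'webapp'@'localhost';

-- General account used by the public-facing scripts: SELECT only, so a leaked
-- credential can read articles but cannot change or delete them.
CREATE USER 'general'@'localhost' IDENTIFIED BY 'CHANGE-ME-general';
GRANT SELECT ON publishing.articles   TO 'general'@'localhost';
GRANT SELECT ON publishing.categories TO 'general'@'localhost';
-- Deliberately no grant on publishing.authors: the reader never needs it.

-- Author account used by the maintenance scripts: row-level changes on
-- articles only; read-only on categories (to fill a category list) and on
-- authors (to verify a login), no INSERT/UPDATE/DELETE on either.
CREATE USER 'author'@'localhost' IDENTIFIED BY 'CHANGE-ME-author';
GRANT SELECT, INSERT, UPDATE, DELETE ON publishing.articles TO 'author'@'localhost';
GRANT SELECT ON publishing.categories TO 'author'@'localhost';
GRANT SELECT ON publishing.authors    TO 'author'@'localhost';

-- The "additional code" in the maintenance script: an update keyed on the
-- article id alone lets any logged-in author edit any article ...
--   UPDATE publishing.articles SET title = ?, body = ? WHERE article_id = ?;
-- ... so the author id taken from the verified login (never from the form)
-- is added to the WHERE clause; a mismatch updates zero rows, which the
-- script treats as a refused edit.
UPDATE publishing.articles
   SET title = ?, body = ?
 WHERE article_id = ?
   AND author_id  = ?;

-- Check what each account can actually do before the scripts go live.
SHOW GRANTS FOR 'general'@'localhost';
SHOW GRANTS FOR 'author'@'localhost';
```

The same ownership condition belongs on the DELETE statement and on the SELECT that loads an article into the edit form, so that an author cannot even view another author's unpublished draft.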
