[ILUG] Database authentication
Kenn Humborg
kenn at bluetree.ie
Tue Mar 19 19:04:10 GMT 2002
Say you've got a bunch of Windows desktops. And you've
got a Linux server running MySQL (or any other database).
And you want to store all sorts of interesting info in
this database.
And you want to have nice, easy-to-deploy web-based
front-ends, along with maybe some harder-to-deploy, but
more flexible Win32 (VB/whatever) front-ends.
This is all straightforward. MySQL/Apache/PHP/MyOBDC
are all the buzzwords I need so far...
And now say that you want to protect this data such
that different users have different access levels (none,
read-only, modify, delete, etc) to these tables.
So you need to have user accounts in your database.
No problem, MySQL has a flexible enough security
infrastructure to do this. (Although I don't
think it supports authenticating via PAM from our
NT domain using pam_smb.)
But, what's the best way of getting the user's
credentials? I really don't like the idea of
prompting the user for a username and password at the
start of every web session or when they launch their
Win32 clients. And caching this info in a cookie or
the registry is nasty too...
Of course, the "recommended" way to deal with this
is to use MS SQLServer and IIS and use the integrated
NTLM authentication stuff and everything should "just
work". However, unsurprisingly, there's a big soul-selling
aspect to this that I just don't like...
Anyone have any ideas on the best ways to deal with
authentication and databases? How do the big boys
(Oracle, etc) deal with this?
Later,
Kenn
More information about the ILUG
mailing list