I have a question on mysql tables and users. I need to know which user modified a table. I have 2 tables.
1. user (id,username, password and dtime)
2. author (surname,firstname,email,phone, LastModified, userID)
LastModified is the field which writes the timestamp when an update is made.
I want to be able to write the user id of the current user so I can know the user who made the update. User id is a foreign key in the table 'author'.
Anyone has ideas how I can do this?
This is not something MySQL can do, unless your users also have mysql accounts that they're using. You will have to modify your client-side code to include the ID of the user on whose behalf the code is running the query, e.g
UPDATE author Set surname='Foo', LastModified=now(), userID=$userID
^^^^^^^^^^^^^^^^
MySQL has absolutely NO awareness of what's going in your client-side code, so it's up to you to provide these sorts of details.
If you do have per-user MySQL accounts, then it'd be as simple as
UPDATE author Set surname='Foo', LastModified=now(), userID=USER()
^^^^^^^^^^^^^^^
but providing users with direct database logins is almost ALWAYS an incredibly BAD idea.
Related
I am working on a little package using PHP and MySQL to handle entries for events. After completing an entry form the user will see all his details on a page called something like website.com/entrycomplete.php?entry_id=15 where the entry_id is a sequential number. Obviously it will be laughably easy for a nosey person to change the entry_id number and look at other people's entries.
Is there a simple way of camouflaging the entry_id? Obviously I'm not looking to secure the Bank of England so something simple and easy will do the job. I thought of using MD5 but that produces quite a long string so perhaps there is something better.
Security through obscurity is no security at all.
Even if the id's are random, that doesn't prevent a user from requesting a few thousand random id's until they find one that matches an entry that exists in your database.
Instead, you need to secure the access privileges of users, and disallow them from viewing data they shouldn't be allowed to view.
Then it won't matter if the id's are sequential.
If the users do have some form of authentication/login, use that to determine if they are allowed to see a particular entry id.
If not, instead of using a url parameter for the id, store it in and read it from a cookie. And be aware that this is still not secure. An additional step you could take (short of requiring user authentication) is to cryptographically sign the cookie.
A better way to implement this is to show only the records that belong to that user. Say the id is the unique identifier for each user. Now store both entry_id and id in your table (say table name is entries).
Now when the user requests for record, add another condition in the mysql query like this
select * from entries where entry_id=5 and id=30;
So if entry_id 5 does not belong to this user, it will not have any result at all.
Coming towards restricting the user to not change his own id, you can implement jwt tokens. You can give a token on login and add it to every call. You can then decrypt the token in the back end and get the user's actual id out of it.
We are new in relational database and we want to create program. In our database we have company table, project table, section table and user table. We want to give a permission which are read, write to a user.
But if that user belongs to project table then it has write and read permissions but if that user belongs to section table then it has only read permission. So, Our question is how can we decide user's permissions on mysql.
So far we did,
We have tried to use Grant but it cannot be using in table and it gives a permission only a spesific person. We want to give all the person which belogs to project (write and read). And all the person which belongs to section(only read).
This answer may be useful, something you did.
https://stackoverflow.com/a/12349845/12569575
Also at the same page, there is another solution made by trigger.
https://stackoverflow.com/a/37873439/12569575
I have a database with two tables. The first one contains the user_name, user_password, user_email. The second one contains the user_name, user_age, user_description.
When a person finds the user he needs by the user_name, the script looks through the database using the user_name, to give out the information about certain user.
But if the person changes his user_name via preferences, the value changes only in the first table.
Question:
1) Is there a way to make the user_name in the second table change automatically? (To connect them some how)
I am using MySQL (phpMyAdmin).
This is just a simple example. In "real world" I am trying to manage more serious applications that have more tables. Is there an easier way than to create a separate php query for each table?
You could always create an AFTER UPDATE MySQL trigger targeting single rows for this. See the manual. It's probably not easier than using separate PHP queries for the tables, though. You don't need to spell them all out, just map up what needs to be synchronized when, and abstract your code.
However I'd recommend that you use a unique ID field for the user and only store the username in one of the tables -- and refer to the user with the ID under the hood of your code, and in both tables. Not a good idea to use something changeable as a unique identifier in your database design.
Suppose I have a website which allows users to create an account. I have user A and user B trying to register for my website. User A and User B both has chosen the same user name and the user name field in the Database table is unique. Both hit Register at the same exact time and the network conditions are the same let's assume some how the query reaches the database at the same time. How does MySQL deal with this? What happens?
If my question is too big to answer here please refer me to some source with the info so that I may study it.
Isn't it possible to store table in table?
let's say I have a list of users and every user can be admin in one or more servers.
If user an admin, then I need to store "Expired", "Type" columns for every server.
So how better to store this information?
I don't want to make columns like this:
Server1_Expired Server1_Type Server2_Expired Server2_Type etc.
Also I can create tables for every server and store the same content, but it looks ridiculous.
I'm sorry if it's hard to understand, I just don't know how to explain else.
Please try understand me :)
Create a table called admin_servers and have a few columns... id, admin_id, server_id, type, expired
This table creates a link between an admin and a server. For each row, you also have a type and expired value.