[nycphp-talk] Re: Sessions and Authentication
bz-gmort at beezifies.com
Fri Sep 7 11:14:10 EDT 2007
Kenneth Downs wrote:
> bz-gmort at beezifies.com wrote:
>>
>> Why do you need to store the password?
>>
> <snip>
> Database access. Each trip to the server requires that you make a
> connection to the server.
>
> In the PHP+MySQL world it is taken as an article of faith that you
> connect to the database as a super-user or admin, and your application
> code handles security. But not everybody thinks this way.

Thanks. That was the only reason I could think of (not MySQL actually,
but any external system you need the PHP script to authenticate to and
want to manage security in that external system at a user level).

Though I would argue that it is standard to use a single userid/password
for all connections, not that it is the admin or super user.

I would be tempted towards using some sort of token generated
authentication scheme instead, so instead of saving a userid and
password in the session you save a token. But I'm not quite sure to
what levels MySQL has advanced DB-wise, and not every third party app
will support an alternate authentication mechanism. And in the end, if
it works, why bother?