[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Mysql

Sorry guess I didnt check the complete thread.

Let me give you a brief layout of how things work in a three tier

At one end is the individual user using his browser. This user talks to
the webserver - his access is defined somewhere in the configuration of
the webserver. Now the Webserver in turn to serv his request connects to
the database using a given userid and password. This information is
fixed for the whole database not specifically for a table or row in a

Now MySql doesnt have row level locking you would have to go for
Postgres or Oracle for that. What I believe you are getting confused
over is that the the userid password information stored in the database
has nothing to do with the userid password combination used to connect
to the database. Also the user has no control over the kind of SQL that
is being executed to update his record.  That is controled by the code 
on the webserver/application server who is connected to the database.

What I could understand from your initial posting is that you have a
table of userid's and passwords and other information and you need to be
able to let the user update this information.

Let the user have the following information under his control npusr1,
npusr2, npusr3 and you have corresponding columns in the database and he
has a login/password like usr53/pswd432.

The webserver throws him a FORM with fields where he can fill in these

The user fills them and clicks on submit. The form submissions is
captured in a CGI written by you you has all the right to know the
database login and password. which you have hard coded in your code. The
CGI connects to the database using this login/passwd combination. Reads
the password for the userid usr53 verifies that it is pswd432 (or a MD5
hash of that password maybe???) and if true it goes ahead and updates
the user information.

Now in the whole process you as a coder never need to know all the
userid and passwords stored in the database. Neither does the user of
your system at any stage needs to know the userid/password combination
used by your code to connect to the database and update the required