开发者

application access to varrying databases

I am working on a project and was wondering what the best practice for the following scenario would be?

I am developing an applicati开发者_如何学运维on that needs to have user access control. When the user launches the application they will be prompted for username and password. The application is designed such that users will be connecting to different databases depending on what school they are from. So, each school is going to have a different database address. So, would i ask the user for the database url at the login prompt too?

Also, how do i re-strict access to the database to only allowing that application access to the database? For instance, you can't launch a different application and try to connect to that database with the same username and password, because it is not the correct application?

Thanks, if you need me to explain anything further, please let me know.

More Detail:

The list of schools would not be set at compile time. Schools would select to use the application and then set up a database for the use of the software and then their students would use the application. So, there would not be an initial list of schools. What would be your suggestion to solve that problem?

Each school host's their own server.


There's no need to do a different database per school, or even a different table for that matter.

You can just use a tables like

school  -- all schools with data belonging to that school.
------------
id integer primary key auto_increment
name varchar(255)
unique index idx_school (name)

user -- all users from all schools in one table.
--------
id integer primary key auto_increment
username varchar(255)
passhash varchar(200)  -- hashed and salted password
salt varchar(10)       -- salt used, not encrypted, but different per user.
school_id integer not null foreign key references school(id)
unique index idx_user (username, school_id)

Select a user using:

SELECT u.id FROM user u
INNER JOIN school s ON (s.id = u.school_id)
WHERE s.name = :schoolname
  AND u.name = :username
  AND u.passhash = SHA2(CONCAT(salt,:password),512) 

The :.... are your parameters.


Instead of asking the users to select or enter their corresponding database address, you can use the password they will be using for authentication and make a user using the same password on the corresponding school database with limited privileges (for e.g. Update,Insert etc. only not giving Drop or delete). So depending on the school selected, the corresponding database url (hard-coded or loaded from a configuration file) will be selected and the password entered will be used for connection, if its correct then the connection to database will happen successfully.

Although this is not solving the second problem of other applications accessing the database with same credentials. Will update the answer if I think about it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜