Everything posted by Paul
-
I consider the ability to "DROP" a table a pretty special privilege, and that's exactly what I'm trying to keep certain users from doing. This is just a general security issue, not geared to any single application. Again, the point is, the script has to have a username/password, that's a given; what I don't want to have happen is, through some hole that I missed in my code, someone entering the SQL query code that would drop the table. Yes, it would be my fault for not 'safety-checking' all user input, but it would sure be nice if I knew that the username/password that was logging into the Db didn't have the permissions to do it at all, that's all. Again, not a major motion-picture, just worrisome. Later, Paul
-
Thanks for the comments Rayners and Lianna. First your point Rayners ... actually all the scripts ask you to modify the configuration file to reflect the username, password and database name (or preface) that the script is to use to create and maintain the database. Now this is a certain level of security of course, since the only databases that can be accessed with that password are the ones that have been created by the application or program. My situation is this, I have a database with about 40 tables in it. The application I'm creating has a username/password that allows access to the database and all associated tables. Now "in theory" this password is stored in $_SESSION variables which should never be accessible to the users. Keyword here is "theory." My concern is that if some evil person somehow gained access to the raw PHP source to the application (don't ask me how it could be done, I'm not a cracker and have no desire to be one), that person would now have the ability to directly access the database and do whatever they wanted to do to the tables. Mind you, my application is far from a "top secret" type thing, but it is going to be a fairly sophisticated and database intensive system and I want to protect my data as much as possible. My goal in life was to have a username/password that would allow all the normal Db operations necessary but could be restricted from operations like "EMPTY" or "DROP" and such. I know it can be done in MySQL but not the way it's set up right now. I guess the point is this, the reason we can't do what I'd like to do is *probably* that in order for us to do it, TCH would have to allow each of us "full" privileges to the 'user' database, the same privileges we have to give the users to access our databases. (Did that make sense to anyone else? LOL) It's probably a moot point, I doubt that anyone is going to find my site valuable enough to justify breaking in. If I ever do carry super sensitive information I'll be much more concerned and probably be forced to go to a dedicated server to get full administrative privileges. Anyway, that's just my thinking on the issue. Later, Paul
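The restricted login described in the post above, sketched as an added example that is not part of the original thread. It assumes MySQL 8.x syntax and an administrative account that may create users and grant privileges; the database, account and table names and the passwords are placeholders.

```sql
-- Added example, not from the thread. Assumes MySQL 8.x and an admin account
-- holding CREATE USER and GRANT OPTION. 'appdb', 'app_rw', 'app_admin',
-- 'orders', 'sessions' and the passwords are placeholders.

-- Account the PHP scripts connect with: row-level operations only.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'change-me-1';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'localhost';

-- Separate account for schema changes, used only from maintenance scripts
-- kept outside the web root, never from the public application.
CREATE USER 'app_admin'@'localhost' IDENTIFIED BY 'change-me-2';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON appdb.* TO 'app_admin'@'localhost';

-- Confirm what the web account is allowed to do.
SHOW GRANTS FOR 'app_rw'@'localhost';

-- Connected as app_rw, both statements below are refused with a
-- "command denied" error, because DROP TABLE and TRUNCATE TABLE each
-- require the DROP privilege:
--   DROP TABLE orders;
--   TRUNCATE TABLE orders;

-- DELETE is still granted, so "DELETE FROM orders" with no WHERE clause
-- would still remove every row. To close that gap, take DELETE away at the
-- database level and grant it back only on tables that need it
-- (the table must already exist for a table-level grant).
REVOKE DELETE ON appdb.* FROM 'app_rw'@'localhost';
GRANT DELETE ON appdb.sessions TO 'app_rw'@'localhost';
```

A leaked web-account password then exposes row reads and writes but not schema destruction; input validation and parameterized queries are still needed for the rest.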
-
Well, I got asked so I'll answer ... I don't think it can be done. I've played with it since I found the information in the documentation but it appears that we need to have access to a secured database which we just don't have. The only thing I can think of regarding Lianna's being able to use the GRANT statement is that she has some kind of 'superuser' access that we don't. I am probably missing something incredibly obvious here so if anyone, anywhere has a sample script that has successfully run on the TCH user account PLEASE post it. I'm very uncomfortable putting a 'master' password in my PHP scripts but so far I haven't found a way around it. I know this doesn't help but maybe it will inspire the head guru to jump in with some ideas on how to secure the databases, or explain why it's not necessary. Thanks in advance for any input on this issue! Later, Paul
-
Rayners, you could very well be correct. The only reason I tend to think it's pretty straightforward to upgrade is that the link on cPanel is just that, a link to a whole new world. I may be very wrong but it wouldn't make sense to have all the functionality of cPanel embedded somehow in the cPanel code. Just my thoughts though, we'll have to wait and see. But thanks for paying attention anyway LOL. Later, Paul
-
Not sure where this should be posted so I'll post it here and see what happens. There is a new version of phpMyAdmin in general release now, version 2.4.0, and I was wondering when, and if, TCH was planning on upgrading the servers. If it's an issue I can just install it in my own webspace but thought I'd save myself the "learning" loop if you kind, wonderful, understanding, patient, all-knowing gurus were planning on the upgrade in the near future. Thanks in advance, Paul
-
ROFLMAO well just as a side note, it's probably best NOT to add an auto prepend file to your configuration prior to uploading the damn thing! hehehehehe I'm sure glad I'm playing in a "work" directory! Later, Paul
-
LOL oh well, as Lianna mentioned in my previous question .. worst case the wonderfolks at TotalChoice can always reset my entire site if I mess up too bad. Thanks, Paul
-
Okay Rayners, I've looked at the library I'm trying to install (phpLIB) and the php documentation and *think* I've figured out how to do this, now I'm just not sure where to do it. I think if I add the following lines of code to the .htaccess file in the public_html folder of my site it should work. What do you think? Any comments would be appreciated. Thanks, Paul

<IfModule mod_php4.c>
php_value include_path ".:/usr/local/lib/php:/home/xxxxxxxxx/lib/php/includes/phplib/"
php_value auto_prepend_file "/home/xxxxxxxxx/lib/php/includes/phplib/prepend.php3"
</IfModule>
-
LOL Rayners you be da' man! I've been in that manual all morning and missed that. Thanks again. Later, Paul
-
Subject pretty much says it all. Thanks in advance, Paul
-
Watch it KW I'm already in Florida LOL ... Beachside of Melbourne, where are you? Later, Paul
-
LOL adding my new favorite: If all else fails, post on the TotalChoice forums. Thanks again all! Later, Paul
-
Thanks for the responses folks! After a full night's sleep and allowing the scotch to be absorbed I decided to try something revolutionary ... I looked at the MySQL documentation. Lo and behold, there's an SQL command "GRANT" that will do anything I wanted to do (insert pic of Paul doing the snoopy happy-dance here) ... Thanks again, I'm sure there will be many more questions to follow as I manage to mangle a perfectly good web-account! Later, Paul
-
Is there any way to set up different security 'levels' for use with PHP in accessing a database? My scripts are working okay but I'd like to be able to use a password and username that doesn't allow for some operations, i.e. drop table LOL ... it seems to be a pretty logical request but I'm darned if I can find any information on setting security levels on the username level. Thanks in advance for any help (*sigh* again). Later, Paul
-
Just to close out this thread, and to let future readers know, Lianna and Nick managed to track my problem down. It turned out that it was indeed a scripting error and I now sit here with mucho egg on my face! The support here is truly awesome and they went way "above and beyond" to give me a hand! Didn't want anyone to think I was left hanging here, not at all the case! Thanks to all, Paul
-
I second the php site as being a great reference point. Additionally, I found that downloading some free PHP applications and ripping apart the code to see what makes it 'tick' was a big help, just make sure the application you pick actually works or you'll find yourself in a world of hurt LOL Good luck and have fun! Later, Paul
-
Yeah Lianna, I read the docs and followed the installation instructions. I don't think it's their problem unfortunately and my bigger concern now is finding out why the file's not being found. If it's something I'm doing wrong, certainly a very real possibility, I need to know so I can stop doing it LOL ... if it's something my server's doing wrong, I need to get that fixed as well. Rapidly approaching the "head through monitor stage" now. Let me know what I can do at this point to narrow the search please! Thanks, Paul
-
okay, change link to adminmenu.php to bogus.php and it works fine ?????????????????? I think "perplexing" is rapidly becoming an understatement LOL Later and again thanks, Paul
-
Yeah Lianna, I got it from greenpepper, why? The other weird thing is, if you go to the main php file and bring up that demo menu, the option to reset the database works fine. I changed the link to adminmenu.php on that menu to test.php and it didn't work either. brb, I'm going to try changing the link on the demo to bogus.php and see if it works okay. BRB, Paul
-
Okay, now you've got me really confused (yet again) ... I move test.php to the public_html folder and life is good (same error as you got, Lianna) ... but in the "correct directory" it still gets the darn 404 error. Now just to add insult to injury, and maybe point somebody somehow in the right direction here, I don't think it's a problem with folder or file permissions because ... http://www.villagebistro.info/phpAquaScape...reweb/bogus.php works okay and the bogus.php file has the same permissions as test.php and, for that matter, adminmenu.php. I'm going nuts here Lianna LOL (although my wife insists that happened long ago!) Next step???? Thanks for your patience, Paul
-
Well, I don't think it's the actual PHP code that's the problem, although it's certainly possible knowing my coding skills. I'm starting to wonder if it's the PHP system on the machine itself???? I know it's a long shot but it's about all I can think of right now. Gurus out there that might have a clue????? Confused in Florida
-
Okay, same file, renamed to test.html, no problem (well of course it doesn't display right but it's there!) Problem with the php handler???????? OMG I might have actually found something here LOL Input????? Thanks, Paul EDIT: sorry forgot new link: http://www.villagebistro.info/phpAquaScape...reweb/test.html
-
OKAY, now I'm getting angry LOL! I just copied the same file to a new file named "test" .... it's an HTTP 404 file too! akkkkkkk I can look at it from FTP and from cPanel but when I try to go to it I get the 404 error. Now I know calling it directly should give me some PHP errors or other types of errors but NOT the 404 monster. I'm very sad now. http://www.villagebistro.info/phpAquaScape...ureweb/test.php Thanks anybody that can help me here! Later, Paul the dummy
-
Lianna, thanks for getting back to me so quickly! Yeah, the case thing has tripped me up in the past and I'm not falling for that one again! Your link to the demo intro is where, when the button is pressed, the error occurs. Do any of the techs have access to the files on my site, just to take a quick peek at that file and verify I'm not crazy? There are a couple of files in that directory I can't access but far more that are fine????? It's just crazy! Thanks again, Paul
-
Okay, this is making me crazy, I have a page on my site and I'm darned (not what I want to say there) if I can figure out why it's not being found. Could one of you guys give me some ideas? PLEASE. It's got the same file permissions as every darn (ditto above comment) file and I can look at it from the file manager in cPanel so I know it's there ????? http://www.villagebistro.info/phpAquaScape...b/adminmenu.php
