[英]Using MySQL Database login as the backend for verifying admin login on site
So I am building my first website that needs both an admin login portal and access to a simple MySQL database. 因此,我正在建立我的第一个网站,该网站既需要管理员登录门户,又需要访问简单的MySQL数据库。 I would like to ask if it is a terrible idea to basically use the access approved/denied system built into my DB to also verify the admin login.
我想问一下,基本上使用内置在数据库中的访问批准/拒绝系统来验证管理员登录名是否是一个糟糕的主意。
Let me clarify, 让我澄清一下
<!--I basically want to do this:-->
<form action="verify.php">
<input type="text" name="username>
<input type="password" name="pass">
</form>
//verify.php
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$connection = mysqli_connect("host", $user, $pass);
if (//Connection success)
//Allow login and load admin portal
} else {
//login fail
}
?>
There might be some errors in the code, but I just wrote it here, consider it pseudo-code. 代码中可能存在一些错误,但是我只是在这里编写,请考虑使用伪代码。 I want to know if and why this is a bad idea besides the fact that if feels dirty.
我想知道是否以及为什么这是个坏主意,除了如果感觉脏了。 Yes, I know I would still need to encrypt the username and password for transfer.
是的,我知道我仍然需要加密用户名和密码才能进行传输。
Uhm, yes, it is a terrible idea. 嗯,是的,这是一个糟糕的主意。 Here's why:
原因如下:
If you let the user login with an existing mysql user, you have a lot of security issues. 如果让用户使用现有的mysql用户登录,则存在很多安全问题。 Also you need to create a new mysql user for each user you want to add to your web application.
另外,您还需要为要添加到Web应用程序中的每个用户创建一个新的mysql用户。 You also need to consider the danger of mysql injections.
您还需要考虑mysql注入的危险。 ( http://en.wikipedia.org/wiki/SQL_injection )
( http://en.wikipedia.org/wiki/SQL_injection )
You should better create a database for your application and create a user table. 您最好为您的应用程序创建一个数据库并创建一个用户表。 In this user table you can define your users username and password.
在此用户表中,您可以定义用户的用户名和密码。 Also you can define a user type.
您还可以定义用户类型。 For example normal users and administrators, where only the administrators can login into your admin portal.
例如普通用户和管理员,其中只有管理员可以登录到您的管理门户。
I recommend using a php framework for your application. 我建议为您的应用程序使用php框架。 It makes a lot of work much easier and your code much more secure.
它使许多工作变得更加容易,代码也更加安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.