So I'm currently in the process of creating a small public website (where users can, for example, log in and change personal information), but I am wondering how the database security is actually designed for that type of thing, so I have several questions.
When an internet user accesses a page like stackoverflow, for example (without logging in on the site), which database user or role is he logged on in order to be able to see all the posted questions? Then, when the user logs in with his account, does his role in the database change (since he has more rights)?
If I setup my database to have a "Users" as well as a "Permissions" table, I can make sure that a user can only have access to his own data, at least application side. But how do I make sure the data is still protected database side since I suppose every public user has the same "database login" or "role"?
I know my question is probably a bit unclear, but don't hesitate to ask me for clarifications. I didn't really know where to begin.
Thanks.
P.S.: I'm currently using SQL Server
Database role doesn't change, but functions do. Users are authorized from the back end code, not from directly database. If you are trying to create logins for every single user for your database, that would not be a good aproach since there could be thousands or milions of users which somehow can have direct access to your database with some permissions.
You've almost answered your own question.
Generally, your website will run under some user account, lets call this 'IWEB', this user account will be the same for everyone that hits your website, regardless of whether the user is logged into your website or not.
IWEB will have permissions to read data from a database. That's how the anonymous users work.
In your database you will have a user table, possibly a permissions table. IWEB will be given database permissions to create new users, update users. It possibly will be prevented from deleting users.
Your application will (though IWEB) use these tables to control who has access to your application and who can update what. A bug (e.g. SQL Injection) in your application could allow a malicious user to create admin accounts, change other users passwords etc...
In certain scenarios e.g. using Windows Authentication, you can pass through the user logged into your site, translate that into a database user and given them permissions. However you are unlikely to do that for a public facing website.
You could possibly do something where the tables are not directly accessed, but are controlled through stored procedures, denying access to the underlying tables. One of the parameters is the currently logged in user, that could then control access at the database layer (prevent a user updating another users profile). Unless of course your application has a bug that could allow an attacker to change their currently logged in user.
It all depends on your security requirements. In the main though, you will control access at your application.
What's wrong with having an Anonymous user in the Users table, having the lowest privileges in the Permissions table?
To your first question: When a user first lands on a web page they have no 'role'. Your scripting will decide what the users can and cannot see.
For example you have a post that only certain user can see. That post will be hidden by default. Your script should then run a test to see if the user is currently logged in and if that user is in the permission group to view that post. If they are, then show the post.
Your database should not be accessible either way.
Related
I'm creating a web app that users will create an account for, which allows them to read/write data on a database. I'm about to start creating the login authentication part of the website, and its my first time really doing this part. As I understand it, I'm going to create a users table which will store all the necessary login info for the website.
I know there are also database roles/permissions. My question is about how the 2 relate in this instance. Do I need to authenticate the users on the website and the database? My thought process was that if all of my PHP scripts are set up in such a way that the session data will only allow authenticated users read/write to the DB, then I don't need to do anything on the database end, but I want to make sure I'm thinking about this correctly.
Is that clear as mud?
If I understand correctly, your question is wether or not your users need access to your database.
Your users are not going to communicate with the database directly. Your app will. Your users are only going to use your app which will act as an interface between the user and the database.
Therefore, only the app needs access (and the appropriate permissions) to the database. Because it now has access to the database, it becomes responsible for making sure that only the right people can perform certain actions. (by means of a login- and permission system)
If not all users should have the same permissions within your app (you might have normal users and administrators), you need to create a permission system within your app that checks wether a user has the appropriate permissions to perform a certain action.
For instance if someone tries to delete some important data, you
make sure he's logged in (if he's not, redirect to the login page)
make sure he has the appropriate role / permissions (in this case he should be an administrator - if he's not, cancel the action)
Symfony's page on Security gives some insight. Just skip the Symfony-specific parts and read about the general idea.
Your users will authenticate on your website (by requesting details about their validity from the database). Once authenticated they can do things that the website gives them access to.
The only user that will communicate with the database directly is you/your website. Your database will have a table entitled 'users', but the actual user of the database should be no one else but you - you don't want to give random users free reign. You can then set what database queries you wish the database to perform on certain users actions.
Hope that helps clarify
I am trying to create user accounts for my website(To store preferences and data) and I am wondering if anyone could help me with two things.
First, I have looked around a lot, but cannot seem to find any good resources on creating user accounts for a website(all of the web results seem to be about user accounts on a computer or server), so if anyone could suggest a good resource to learn about creating user accounts, that would be great.
Second, what is the best way to remember if a user is logged in? Right now, I have a database that stores users with their emails, passwords and other data. I am wondering how I can check on each page to see who the user is(after they have logged in). Would I use a cookie for this?
If so, how would that work? Would the cookie store their username and password? That does not seem very secure but it is the only way I can think of at the moment.
I bet you could find some resources for developing a user membership system.
Basically you can use sessions and cookies.
You're right that cookies are not very secure for storing usernames and passwords, but you can store only one cookie with the user ID.
Resources
User membership with PHP | Nettuts+
MySQL & PHP User accounts | Pete's web design blog
A google search of PHP User Management Scripts brings out these following results:
Free PHP User Management Script: LOG.ME.IN
Repox/Simple Users
Many at PHP.ResourseIndex.com
Although you may need to customize each and every one according to your requirements.
For sure you need to see $_SESSION and $_COOKIE.
how is it possible to make something like this:
Admin Creates accounts with specific username and password
then from the website the user logs in to his account and views personal account data the admin uploaded to his account.
For instance there is a client who has bought something.Then he logs in to his site account and views what he bought last week (in fact browsing specific server data)
How can that be done?With a simple script?A cms or what?
Thanks for any help!
The best answer is in google :)
Really try to search a little in google something like "user management with php" and probably you can find a huge quantity of answer.
Btw i think that to do a basic user management with php you need:
Design a database that handle user and if needed basket, and whatever you want (news, etc.).
Then the basic information you need in your database for usera management are:
Username, email, password (be sure that the password is crypted for example with md5) and the user role (admin, editor, etc).
You need to specify the user roles (i think you can use a table for it, or a file, it is only up to you to decide how roles are handled).
For track purchase of the user you must create a relation between purchases and user_id So for example you can have a table called orders where you have minimum these files item_id order_id user_id so the user can have in its dashboard a complete tracking of its history.
Then how to manage user sessions? You can use COOKIEs so if the user login succesfully you set a cookie into user browser, and then check if the cookie exist you show for example some information, if the cookie doesn't exist you show other informations.
These are the basic steps to manage users (probably many information are missing). But this is good if you want to learn something, but if you want something strong and probably more secure you can think to use a CMS and maybe only create some customization of it if needed.
You could do it with script, or cms. I think script is more suitable than cms - which would be overkill, and you would have to spend more time trying to get the cms out of the way than actually doing what you want.
The best option in my mind however is a framework. Seeing as how you have tagged your question php, I am going to recommend CakePHP. This will allow you to solve your problem quickly, by making a simple app based on user accounts, and also to be able to leverage existing codebase (including plugins like ACL for example). This approach will allow you to maintain structure, and develop/maintain your app more easily in the future.
I'm currently working on developing a Symfony2 app that will not only accept
user registrations, but will allow visitors to go through almost the
entire flow of the site without creating an account or logging in. Design ideas look something like this (suggestions/improvements welcome):
When a user logs in to their account, data will be persisted to the user/related entities as normal
When an anonymous user hits the site for the first time, an "anonymous user entity" is created for them as if they'd registered, but with something like USER_<session_id> as an identifier instead of a personalized username. Any activity they perform on the site is persisted to this anonymous user entity
When an anonymous user chooses to register, their anonymous user entity is upgraded to a registered user entity, preserving their data for future use
If an anonymous user leaves the site without registering, the anonymous user entity should be cleared after a while to prevent buildup of dead data
What's the best way to go about this? Specifically, what is considered "best practice" for creating/manipulating a User entity for an anonymous user without having to place code into every controller?
I would advise against using the IP address for this, as it could cause problems for users behind a NAT.
Using a custom cookie, or the sessionId (PHPSESSID) cookie as an identifier for tracking purposes would be a better idea. Google uses this strategy for its ads business. Stand on the shoulders of giants!
I have something similar to this that I've had to do. What I did was collected the anonymous users ip address (using ($_SERVER['REMOTE_ADDR'])). I then used the ip address for tracking purposes. You can then use that when they register to append their past usage to their newly created account.
You can then just run a simple query to drop any ip address that hasn't had activity in a while (most users have dymanic ip addresses so it will change every so often anyways).
I'm going to develop a multiuser system, where people can register an account, log in, store and manage the data of the account. For example, email address idetifiers a user.
Could you tell, please, how to provide the user of one account access to the data of another account. For example, by providing a link in the account that gives access to another account.
It looks like Google Analytics uses a mechanism similar to this one to give access of one user access to the account of another user.
Thanky you very much, Oleg.
Providing code will be impossible here but, I'm going to guess at your setup and we'll see what happens.
So, you perhaps have a users table and a data table.
One option, is to allow Private and Public options on the data table. Public can data can be accessed by anyone.
The other option is to have another table dataPermissions where you associate data ids to user ids. When listing data, if the data item isn't owned by the current user, they must have a corresponding entry in the dataPermissions table.
Remember though, providing code and examples of you database structure is the best way to get a good answer.
Update
Okay, so we know that users are identified by email and can have one or many links to data. Those links can be shared to other users. Therefore, you are going to have a table for users, identified by email, and a table for data which is identified by its link.
Therefore, a user can choose to add more users to a link. For this, you would need a new table that associated users and links, i.e. a userLinks table.