I need to set up a simple way to view customers details on another database that is owned by another person. My company is taking over customer support for the other ecommerce website so I need to code up an area so I can view his customers details.
I would like to find a way so that I can connect to his database from my server without being able to view his database login info. This will make it very secure for both parties.
My question is; does anyone know a way so I can access his db info such as customers names, shipping addresses, date ordered, date shipped, etc on my server without needing to view or use his database config info?
Please let me know if anyone knows a little tip or secret? Thanks in advance.
He can create another database user for you with only as much permissions as your company will need (for example, the ability to view the customer table but not to drop tables).
does anyone know a way so I can access his db info such as customers names, shipping addresses, date ordered, date shipped, etc on my server without needing to view or use his database config info?
Watch your question. Isn’t it like “does anyone know a way so I can access his safe without a key?”
without being able to view his database login info. This will make it very secure for both parties.
It will make it way insecure!
If you can view it without proper credentials - so, anyone can.
Please let me know if anyone knows a little tip or secret?
lock pick you mean? No, there is not, of course.
Of course, there is no way as you describe it.
But there is a lot of ways of secure data interchange
Hello, I actually agree with you. That is why I am asking this forum, I am hoping that someone more knowledgeable then me knows a trick to make it so I can access his db without me being able to UPDATE it and view his actual db login info.
Dan has a great idea which I will be trying out first. But I was hoping that there was someone to access his db without actually being able to view his login details. But I guess you are saying that its impossible?
I have always used the following code on my config files. I know it wont make it much more secure but it better then nothing:
if ($_SERVER[‘SERVER_ADDR’] == “serveriphere”) {
config info here
}
That makes it so I can only access my config file from my server ip (im pretty sure but I am a newb).
I will be trying out Dans suggestion today, but I am guessing you are saying it is impossible to do what I am asking?
Well I must correct myself.
It is impossible without knowing any login info.
But it is possible with dedicated login, as Dan said.
Mysql has great privileges system. Another user can be added, granted with only SELECT privilege only to view certain table.
Ok, I am not a server guy at all, and I have never needed to do this, but can I make 2 database users for the same database?
I need to have the normal database user (which is already set up… its the db user that your using currently) to have all of the normal privileges… then I need to add a new database user that will have limited privileges such as not being able to create/update/destroy rows.
My question: Can my host create 2 db users with different privileges for the same database?
Probably a stupid question, but I have never done this before. thanks
GRANT SELECT ON dbname.* TO username@localhost INDENTIFIED BY "password";
Where of couse “username” should be your username, and “password” should be your preferred password, and “dbname” should be the name of the database you want to access.