Security: grant vs. session/user-based

bunner_bob

I've got a content-management system with two sets of pages. The "public" pages only contain code to read from the database. The "admin" pages contain code to insert, update and delete from the database. To gain access to any of the admin pages, you must be logged in (username and encrypted password stored in a "users" table) and your status is registered as a session variable (so logged in status can't be spoofed - I think).

I used to have two different connection scripts - one for the public side (localhost, publicuser, publicpassword) and one for the admin side (localhost, adminuser, adminpassword). I granted permissions for these two users, with the public user only having "select" privileges and the admin user having select, insert, update, delete. This is in addition to the above-mentioned password login.

The hosting company I'm using won't let me grant/revoke permissions, though they say they can do it for me if I request it. I'm wondering how necessary it is. Even if the publicuser has select, insert, update and delete access, there's no code in the public pages that does anything except select. All the admin pages require login, so the general public won't likely get in .

Is it necessary/advisable to have my host set more restrictive permissions for my public user?

sfullman

generally, no, the session variable is OK. Make sure you store password in session not cookies. Thatway the secure info is stored on the server; it's just referenced through a single cookie on the user's side called the session cookie, a long hex string.

Nevertheless you're ahead of the crowd, most people don't think that far. I generally do the things you mention not out of fear of the user but because some of my applications are so complex it builds in an extra level of security.

Sam Fullman
Compass Point Media