MySQL Web Database
Posted on 2014-04-01
But I am seeing others talk about having one master MySQL user that has select rights for the database to look up user account info and compare the Password field for a user account (which is salted) with what is provided by the user at the time of login.
However, if I do that route, I would have to store the master password plain text outside the web root. Am I off my rocker, or am I missing something. My Database will have about 1,500 users.
What is the better method of implimentation? Each user with their own simple MySQL account, or a master select only User that the script pulls the master user/pass from a file outside the web directory so not to be seen, and if the salted user/pass provided by the user, matches the salt for that user in the DB table, allow them access?