timb551
asked on
Resetting MYsql user password from VBA front end
I have a VBA frontend system which connects to a mysql backend.
It authenticates on manually created mysql users which are setup to allow access to further databases once authenticated.
I need to investigate offering users to ability to change their own mysql password without having an admin having to do it at command line level.
Obviously im consious of security and need to get some ideas on how to acheive this.
thanks
It authenticates on manually created mysql users which are setup to allow access to further databases once authenticated.
I need to investigate offering users to ability to change their own mysql password without having an admin having to do it at command line level.
Obviously im consious of security and need to get some ideas on how to acheive this.
thanks
Are your users in "mysql" or in a table as part of the database. If it's the table as part of the database, then it's just a field. create a couple of text boxes and the appropriate code and Update it.
ASKER
The users are actual mysql users in the same way that the root mysql user exists.
I need to investigate offering users to ability to change their own mysql password without having an admin having to do it at command line level.
A seriously bad idea.
Better to run a CMS like WordPress, if you must managed users + sessions.
You can do this in any language, like VBA, and you'll end up rewriting code that already exists in every CMS.
Normal approach for systems is to implement a user management system, so users can change their password (in the management system) this never effects a database password.
Keep in mind, for a person to change their database password, they're going to require high admin privileges.
Basically to change a GRANT, you must have the equivalent of the database root user/pass to change another user/pass.
So to do what you're asking, you'll have to give every user root level database access.
This means any coding problems... which allow them to escape their App... will allow them to accidentally destroy your system.
A very bad idea, when you work through all the details of what you're asking.
This is why, for example WordPress never allows any password change to the database, users can only change their own user password inside the WordPress user management system for the site.
A seriously bad idea.
Better to run a CMS like WordPress, if you must managed users + sessions.
You can do this in any language, like VBA, and you'll end up rewriting code that already exists in every CMS.
Normal approach for systems is to implement a user management system, so users can change their password (in the management system) this never effects a database password.
Keep in mind, for a person to change their database password, they're going to require high admin privileges.
Basically to change a GRANT, you must have the equivalent of the database root user/pass to change another user/pass.
So to do what you're asking, you'll have to give every user root level database access.
This means any coding problems... which allow them to escape their App... will allow them to accidentally destroy your system.
A very bad idea, when you work through all the details of what you're asking.
This is why, for example WordPress never allows any password change to the database, users can only change their own user password inside the WordPress user management system for the site.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.