Link to home
Create AccountLog in
Avatar of timb551
timb551Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Resetting MYsql user password from VBA front end

I have a VBA frontend system which connects to a mysql backend.

It authenticates on manually created mysql users which are setup to allow access to further databases once authenticated.

I need to investigate offering users to ability to change their own mysql password without having an admin having to do it at command line level.

Obviously im consious of security and need to get some ideas on how to acheive this.

thanks
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Are your users in "mysql" or in a table as part of the database.  If it's the table as part of the database, then it's just a field.  create a couple of text boxes and the appropriate code and Update it.
Avatar of timb551

ASKER

The users are actual mysql users in the same way that the root mysql user exists.
I need to investigate offering users to ability to change their own mysql password without having an admin having to do it at command line level.

A seriously bad idea.

Better to run a CMS like WordPress, if you must managed users + sessions.

You can do this in any language, like VBA, and you'll end up rewriting code that already exists in every CMS.

Normal approach for systems is to implement a user management system, so users can change their password (in the management system) this never effects a database password.

Keep in mind, for a person to change their database password, they're going to require high admin privileges.

Basically to change a GRANT, you must have the equivalent of the database root user/pass to change another user/pass.

So to do what you're asking, you'll have to give every user root level database access.

This means any coding problems... which allow them to escape their App... will allow them to accidentally destroy your system.

A very bad idea, when you work through all the details of what you're asking.

This is why, for example WordPress never allows any password change to the database, users can only change their own user password inside the WordPress user management system for the site.
ASKER CERTIFIED SOLUTION
Avatar of timb551
timb551
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer