Reputation: 3
Thank you all for the responses to my previous problem. Some info about my project: I am volunteering for a 'not for profit' charity (Khan House Foundation, Bangladesh). They provide scholarships to the students (of class 4 and class 7) based on merit. They will publish exam (to test merit) results on their WordPress website. So I need to store (a) school: school info (name, address ... etc. details), (b) student: student details (name, school name, address, ... etc.), (c) class 4: marks sheet for all the subjects for students of class 4, (d) class 7: marks sheet for all the subjects for students of class 7, and maybe a few more tables.
Activities: a few people from the admin will log in and input data (privilege: ALL). Students will log in and can see the test results (privilege: only SELECT). Schools will log in and can see results/info of all the students of that school (privilege: only SELECT).
I have some knowledge of RDBMS. This access control can be easily done with MySQL user permissions. Just create some users and GRANT appropriate permissions.
My confusion: WP users and MySQL users are not the same. For the entire site, there is only one MySQL user, and for the website, there will be many users created in the wp-users table. The users are different (for WP and MySQL). Maybe my knowledge of GRANT/REVOKE will be of use here? Or how can I manage this issue? I could not figure it out.
I searched a lot on Google and found that people are using plugins for access control. I think plugins control access to the pages, but I want to put control over the database tables/fields relating to the users.
Is there anyone who can give me some good suggestions, please? And thank you in advance.
Murshed Khan.
Upvotes: 0
Views: 256
Reputation: 11
In web development, sites usually run on a single database user, as is the case with WordPress. That means when securing it, give this MySQL user only basic privileges like SELECT, UPDATE, DELETE and not much more. Things included in ALL, like DROP TABLE etc., can be exploited if the site is compromised.
To handle who sees what data and can change what, you should take care of that with the WordPress user management. These things are separate from each other. There are some plugins which allow you to define which users can access what above the default privileges of editor, author, editor etc.
If you need something custom, check the add_role functions of WordPress.
Upvotes: 1
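The approach in the answer above, as an added example that is not part of the original thread: custom roles created with add_role, and a query that scopes rows to the logged-in WordPress user while the site keeps its single MySQL account. The role and capability names, the khf_marks table with its columns, and the khf_school_id user meta key are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: KHF Results Access (illustrative example)
 */

// Hypothetical roles and capabilities, created once when the plugin is activated.
register_activation_hook( __FILE__, function () {
    add_role( 'khf_student', 'Student', array( 'read' => true, 'khf_view_own_results' => true ) );
    add_role( 'khf_school', 'School', array( 'read' => true, 'khf_view_school_results' => true ) );
} );

/**
 * Return only the rows the logged-in WordPress user is allowed to see.
 * Assumed table: {prefix}khf_marks(student_user_id, school_id, class, subject, marks).
 */
function khf_get_visible_results() {
    global $wpdb;
    $table   = $wpdb->prefix . 'khf_marks';
    $user_id = get_current_user_id(); // 0 when nobody is logged in
    $columns = 'student_user_id, class, subject, marks';

    if ( ! $user_id ) {
        return array();
    }
    if ( current_user_can( 'khf_view_school_results' ) ) {
        // School account: an admin stores its school id in user meta (assumed key).
        $school_id = (int) get_user_meta( $user_id, 'khf_school_id', true );
        if ( $school_id <= 0 ) {
            return array();
        }
        $sql = $wpdb->prepare( "SELECT {$columns} FROM {$table} WHERE school_id = %d", $school_id );
    } elseif ( current_user_can( 'khf_view_own_results' ) ) {
        // Student account: the filter comes from the session, never from request input.
        $sql = $wpdb->prepare( "SELECT {$columns} FROM {$table} WHERE student_user_id = %d", $user_id );
    } else {
        return array(); // deny by default for every other role
    }
    return $wpdb->get_results( $sql, ARRAY_A );
}

// [khf_results] shortcode: renders the scoped rows with output escaping.
add_shortcode( 'khf_results', function () {
    $html = '<table>';
    foreach ( khf_get_visible_results() as $row ) {
        $html .= sprintf( '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
            esc_html( $row['class'] ), esc_html( $row['subject'] ), esc_html( $row['marks'] ) );
    }
    return $html . '</table>';
} );
```

Because the student or school id is taken from the authenticated session and bound through $wpdb->prepare, a visitor cannot widen the result set by editing a URL or form field.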