Jump to content

[SOLVED] Question regarding implementing a User Management system....

Kevinmun

By Kevinmun
in PHP Coding Help

Recommended Posts

Kevinmun Newbie

Kevinmun

Posted
Posted

My question is pretty general.  I want to write a simple user management system with three levels of access (regular user, admin, and super admin) all with different privileges.  So I can think of two ways to do this....

 

1.  Make one user table that will contain all of the users regardless of type and add a field that distinguishes whether they are a user, admin, or super admin.

 

2. Create three separate tables, one for users, admins, and super admins.

 

My thinking is that number 1 might be easier to implement, but I'm not sure I want to give users any write privileges to a table that contains admins and super admins.  I'm worried this might make the application a little more vulnerable to attacks.

 

So my question is which method is more common and are there any major advantages or disadvantages besides the first being easier to implement and second possibly being more secure?

Mad Mick Newbie

Mad Mick

Posted
Posted

I would suggest the first since it is easier and cleaner to implement.  I don't see the 2nd as much more secure - if they can access your main user table then it will not take much effort to access any other table.  You should concentrate on security further up the line.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted
I'm not sure I want to give users any write privileges to a table that contains admins and super admins.

If that statement is referring to your database queries, your database connection user/password/privilege is completely different from an application user/password/privilege system.

Kevinmun Newbie

Kevinmun

Posted
  • Author
Posted

I'm not sure I want to give users any write privileges to a table that contains admins and super admins.

If that statement is referring to your database queries, your database connection user/password/privilege is completely different from an application user/password/privilege system.

 

So I guess that's two votes for method 1.  I know I've seen method 2 before and I know there has to be a reason people do it that way.  I assumed it was security.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.