Changing authentication mechanism
MyWebSQL supports three basic and one custom method of authentication. In order to change the authentication type, please manually edit the file ‘config/auth.php’ in the installation folder.
Change the directive ‘AUTH_TYPE’ to either of these possible values to change your authentication mechanism.
These methods are described below:
Authentication type: NONE
When AUTH_TYPE is set to NONE, the application assumes the authentication is already confirmed and uses the predefined values in the other three configuration directives in auth.php, in order to connect to the database server. These directives are AUTH_SERVER, AUTH_LOGIN and AUTH_PASSWORD.
Please note that if either of the three configuration directives are missing on invalid, the browser will display an error page containing an error message that database connection has failed.
This settings is usually required for demonstration purposes, where a single database with a few tables are required to be shown to allow user to use MyWebSQL in a test environment. The same setting is used on the MyWebSQL demo site also. NEVER set AUTH_TYPE to NONE on any production server as it will expose the database completely to anyone who has access to the application url.
Authentication type: BASIC
When authentication is set to BASIC, the application uses the built-in browser user authentication dialog to ask the user for a username and password. The AUTH_SERVER directive defined in the configuration file is used to connect to that database server, using the username and password provided by the user. If authentication fails, user is repeatedly asked for the credentials until a successful connection is made to database, or the browser times out the operation. On production servers, this is the least secure method of authentication as the credentials are sent over the network with each request, and should only be used if you are having problems with other authentication methods to work.
Authentication type: LOGIN
This is the default authentication mechanism in MyWebSQL and should be used on production servers.
When authentication is set to LOGIN, the application shows the username and password form to the user when it is first started in the browser. Just like the BASIC authentication method. In this case, one of the following will occur:
If you have defined at least one server configuration in ‘config/servers.php’, then the selected server from that list is used as the database connection.
If no server configuration is found in ‘config/servers.php’, then the AUTH_SERVER directive defined in the ‘config/auth.php’ is used to connect to the database server defined in the same file, using the username and password provided by the user.
In either of the above case, if authentication fails, user is shown the login screen again with the error message.
Authentication type: CUSTOM
When authentication is set to CUSTOM, the application uses a custom made (coded) driver for authentication users. To see the details about implementing custom authentication, please view this page.