6

The company where I'm at has databases on one server and PHP on another. The database server uses Windows Integrated Security, meaning they check the domain name and password of the computer you're logged into and allow a connection to the server only if the credentials match. Our PHP server account, however, does not have access to the database server whatsoever.

Today I finally got a service account for our database server so I can set up a database to store marketing orders. But, since the PHP server account doesn't have access to the databases, I can't insert the data. I'm wondering if there's a way to give my personal domain credentials in the request and authorize it myself.

Thank you!

EDIT: Thanks to Mike in the comments, I realized that what I need to do is use the impersonate function so that all requests to the server impersonate me. But how would I do that?

Thomas Riley
  • 399
  • 3
  • 11
  • I don't believe it is, because that answer doesn't tell me if it's possible to send my personal domain credentials along with the request. As far as I know, by using that command, it would still attempt to log in using the PHP server's account, which wouldn't work. – Thomas Riley Aug 09 '13 at 22:12
  • Isn't that what the answer mentions? – Mike Aug 09 '13 at 22:14
  • I guess you're right, I have to use FastCGI's impersonate (really should have read further down the link the guy posted, sorry about that). But how would I tell the impersonate to use my domain name? – Thomas Riley Aug 09 '13 at 22:21
  • Sorry, I don't know. I just Googled the answer and that's what came up. – Mike Aug 09 '13 at 22:23

1 Answers1

0

Run your Apache server with a service account. Your database administrator must give access to the database the service account.

If Apache runs in the system account, it youses ntework service credentials to access the database. It would be insecure to allow the network service account to access to the DB.

Lorenz Meyer
  • 19,166
  • 22
  • 75
  • 121