Security design questions

I'm currently working on desiging several web based applications that
would be grouped into a larger web based menu system. However I'm not
sure exactly how to go about making it as secure as possible.

I'm guessing most systems are setup in the following fashion. Create a
single user account (I'll reference this account as ROOT) that has
access to all the tables my applications will use.

Create a table for storage of username/passwords/userid # etc etc
Create a table with permissions details for each user userid # so when
the menu page is displayed it knows what programs to show to the user.

At the login page have the user enter their login and password. ROOT
accesses the user account table and verifies the entered information is
valid.

So the user is now logged in and page simply displays all applications
based on the permissions table for their userid #

I guess my questions are is this safe? If somebody is able to access my
login.php page (really any other pre parsed .php file) that uses the
ROOT account to access any other table they would essentially have
access to all applications.

As long as I don't allow access to my web data files via any other
method but HTTP can I ensure that my web server wouldn't allow users to
access pre parsed PHP files?

Any input/suggestions?
Thanks
Eric
Received on Mon Oct 17 21:12:31 2005