I am working on an installer for a web application which allows a content manager to create a user within the database (with restricted permissions). When using the application, I would like to have the credentials the user specified for any database entries. What is the best practice for making that data persistent? It has been suggested that I could make a config.ini file to store the data, but then the credentials are completely visible. I have thought about declaring global variables, but the issue with declaring the variables is that they are available throughout the website from that point forward. Any insights would be much appreciated.
So you have users and the users have permissions to do certain things. But from that point I didn't completely understand your question.
Do you already store the permissions for what the user is allowed to do in the database and you just want to know the best way to keep those permissions loaded while the user is there? Or are you trying to decide the best way to store the actual permissions in the database?