Posted by Gordon Burditt on 03/13/07 01:39
>> Any dangerous operation (i.e. altering a database entry) needs to be
>> authorized at the time of the submission.
>
>ok - so just to clarify, what is the technique to do this- with a meta
>table on the database server, i.e.:
>
>
>Table Permissions:
>
>UserID: int TableID: int RecordID: int Permission: int
>how about with sessions?

A quite reasonable rule is that only a particular session can alter
data (say, a shopping cart contents) associated with that session.

>if anything else, can you give some
>specific techniques as to how to do this? what I'm really trying to
>get to is, what is the generally accepted, easiest (built into PHP?)
>way to ensure that the user is authorized to edit a row upon
>submission? thanks for all the posts.

There are all sorts of different rules possible, and it depends
largely on the site and what it's for. Usually, these are related
to "business rules", for example, customers can't alter prices or
give discounts to other customers. Only supervisors can approve
refunds or orders over $1,000. You can't cancel an order after it
has been shipped (at least not directly; talk to customer service).

1. No one is allowed to edit anything through the web.
   ("read only" informational site, porn site)

2. Only site admins are allowed to edit anything.
   ("read only" informational site, porn site)

3. Users may sign up and create their own accounts. Subsequently,
   they may edit their own contact information and password. Users may
   create and edit their own orders in process of creation, but not
   after submission. Customer service reps may edit any order.
   (e-commerce site, perhaps)

4. Users may sign up and create their own (class 0, initially) accounts.
   Subsequently, they may edit their own contact information and password.
   Class 2 accounts and higher may read posts. Class 5 accounts and
   higher may reply to posts. Class 6 accounts and higher may start a
   new thread. Class 14 accounts and higher may delete any post.
   Class 15 accounts may alter the class of any account.
   No one may edit (other than by deleting) existing posts.
   (forum site with multiple access levels)

5. Anyone may edit anything (I've heard Wikipedia described this way).

6. Anyone may post anything. No one may cancel anything.
   (USENET).

The concept of a "user" needs to tie in with the existing setup of your
site. If a user can edit "his own" records, there needs to be some way
to determine who owns a record. Perhaps "a user's orders" are defined
as orders created by that user while logged in under that account. An
e-commerce site that lets users create orders on another user's bill in an
unrestricted manner won't last long.
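
Rule 3 from the post above, checked at the time of submission, as an added example (not code from the post or its author). The `orders` schema, the role names `customer` and `csr`, the function name `updateOrderNote` and the use of an in-memory SQLite database through PDO are all assumptions made for illustration.

```php
<?php
// Added example. Schema, role names and function name are hypothetical.

// Apply an edit only if the business rule holds for the logged-in actor.
// The ownership and status conditions are part of the UPDATE itself, so the
// check and the write cannot be separated by a concurrent status change.
function updateOrderNote(PDO $db, array $actor, int $orderId, string $note): bool
{
    $sql    = 'UPDATE orders SET note = :note WHERE id = :id';
    $params = [':note' => $note, ':id' => $orderId];

    // Any role other than customer service gets the restrictive path:
    // the order must belong to the actor and must not yet be submitted.
    if ($actor['role'] !== 'csr') {
        $sql .= " AND owner_id = :uid AND status = 'draft'";
        $params[':uid'] = $actor['id'];   // from the session, never from the form
    }

    $stmt = $db->prepare($sql);
    $stmt->execute($params);

    // Zero rows means "not found or not permitted"; the caller does not
    // learn which. (On MySQL, rowCount() is also 0 when the new value equals
    // the old one unless PDO::MYSQL_ATTR_FOUND_ROWS is enabled.)
    return $stmt->rowCount() === 1;
}

// Constructed sample data: two orders owned by user 10, one by user 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER,
                                status TEXT, note TEXT)');
$db->exec("INSERT INTO orders VALUES (1, 10, 'draft', ''),
                                     (2, 10, 'submitted', ''),
                                     (3, 20, 'draft', '')");

// In a real application these come from $_SESSION after login.
$customer = ['id' => 10, 'role' => 'customer'];
$rep      = ['id' => 99, 'role' => 'csr'];

var_dump(updateOrderNote($db, $customer, 1, 'gift wrap'));   // own order, still a draft
var_dump(updateOrderNote($db, $customer, 2, 'change it'));   // own order, already submitted
var_dump(updateOrderNote($db, $customer, 3, 'not mine'));    // another user's draft
var_dump(updateOrderNote($db, $rep, 2, 'address fixed'));    // customer service rep
```

The order id is the only value taken from the submitted form; who the actor is and what they may touch are decided on the server for every request.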