Posted by toedipper on 09/02/05 01:18
Malcolm Dew-Jones wrote:
>
> The solution details will depend on the database layout and the login
> method, me thinks, but is trivial to do.
>
> The script that edits the details must check who is logged in each time it
> runs, and compare that to the owner of the record they wish to edit.
>
> But like I said, the exact details of how to do that check will vary
> enourmously depending on how you implement the login, and how you store
> the ownership information about the records.
>
>
>
> --
>
> This programmer available for rent.
Cheers. I was thinking among that line myself. Here's the plan - when
a user logs in I'll register a session id with the username
Then I'll edit the update script so that it pulls the associated
username of the property id being edited and ensures that it's the same
as the username of the session variable. This should mean that if anyone
tampers with the url then they can't go any further.
[Back to original message]
|