Reply to Re: Newbie - Help needed with secuirty type issue

Your name:

Reply:


Posted by toedipper on 09/02/05 01:18

Malcolm Dew-Jones wrote:

>
> The solution details will depend on the database layout and the login
> method, me thinks, but is trivial to do.
>
> The script that edits the details must check who is logged in each time it
> runs, and compare that to the owner of the record they wish to edit.
>
> But like I said, the exact details of how to do that check will vary
> enourmously depending on how you implement the login, and how you store
> the ownership information about the records.
>
>
>
> --
>
> This programmer available for rent.

Cheers. I was thinking among that line myself. Here's the plan - when
a user logs in I'll register a session id with the username

Then I'll edit the update script so that it pulls the associated
username of the property id being edited and ensures that it's the same
as the username of the session variable. This should mean that if anyone
tampers with the url then they can't go any further.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация