Posted by Chung Leong on 10/21/00 11:45
MaXX wrote:
> Jiri Fogl wrote:
> > You should have more detailed authorization - not only auth'd
> > non-auth'd, but every user must have its access information, so system
> > can recognize who is that man who wants to delete.
> The problem in my particular case, is that the system can't know who will
> delete as there is no explicit ownership. The table in question is a log
> and the creator is a script.
>
> Your suggestion can be very usefull for another area of my project...
>
> Another idea is to only allow the php script to set a deleted flag wich only
> hide the record and wipe or undelete them by other means ...
The question isn't so much about ownership but authorization. If
deleting arbituary records in the table is not supposed to happen, then
logically it follows that there is a rule governing which records can
be deleted.
[Back to original message]
|