Reply to Re: Safely deleting a db record with php

Posted by Peter Fox on 11/27/25 11:45

Following on from Gordon Burditt's message. . .
>>it is a deterrent. Also (probably with more bits in the random number)
>>it is _essential_ where the user cannot be validated. For example
>>"Thank you for your custom...To view the progress of your order go to
>>www..../orders.php?OID=123454345434544"
>
>I don't think I'd feel comfortable implementing such a thing (if
>it didn't require a login) if real money was involved. I'd worry
>about putting any confidential information (e.g. an order) in
>such a system also.

Why?
.... IOD=123434343443 is a shared secret no different to a username and
password. The 'must login' approach is (a) cumbersome for the user, (b)
cumbersome for the sysadmin and (c) doesn't give any more security.



--
PETER FOX Not the same since the bridge building business collapsed
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
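
The unguessable order link discussed in this thread, as an added example that is not part of the original posts: it issues the URL value from a CSPRNG and stores only its hash. The function names, the 128-bit length, the 30-day expiry and the in-memory `$store` array (standing in for an orders table) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for an order-status link that needs no login.
// The token in the URL is the only secret, so it must come from a CSPRNG
// (not rand()/mt_rand()) and must not be derived from the order number.

function order_token_issue(array &$store, int $orderId): string
{
    $token = bin2hex(random_bytes(16));       // 128 random bits as 32 hex chars
    // Store only the hash, so a leaked table does not yield working links.
    $store[hash('sha256', $token)] = [
        'order_id' => $orderId,
        'expires'  => time() + 30 * 86400,    // assumed 30-day lifetime
    ];
    return $token;                            // value placed in the e-mailed URL
}

function order_token_lookup(array $store, string $token): ?int
{
    // Reject anything that is not exactly 32 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{32}\z/', $token) !== 1) {
        return null;
    }
    // Look up by hash: the raw token is never compared or stored.
    $row = $store[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                          // unknown or expired link
    }
    return $row['order_id'];
}

// Constructed demo data.
$store = [];
$token = order_token_issue($store, 1001);
echo "orders.php?OID=$token\n";
var_dump(order_token_lookup($store, $token));              // issued token
var_dump(order_token_lookup($store, str_repeat('0', 32))); // well-formed guess
var_dump(order_token_lookup($store, '123454345434544'));   // short numeric ID
```

A link like this also ends up in browser history, proxy logs and Referer headers, so the order page should send `Referrer-Policy: no-referrer` and be served over HTTPS only.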
