Hi, I am trying to secure access to some of our content.
Case: 1. User reads our content and completes the feedback form. 2. A file is saved in our "Feedback" database for each form that is submitted. Security: - Let anonymous users WRITE to the DB using the web form - Do not allow unauthenticated users to READ comments. Solution so far to avoid making user/password known: 1. Save feedback in an unsecured DB. 2. Redirect to function that moves the feedback file to a secured DB. Issue: - Security seems to limit access to files when they are addressed as db:open(DB, path). - All functions that grab data, crunch the data and display it in an HTML table seem to remain available to everyone. Questions: - Instead of securing the DB, we were thinking of securing the functions: Open access to 'submit-comment' for all users, require authentication for all other functions. Is this possible, if so can you point me to useful documentation? - Do you have any other suggestion? -- France Baril Architecte documentaire / Documentation architect [email protected] (514) 572-0341
_______________________________________________ BaseX-Talk mailing list [email protected] https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
