I'm sorry, I was in a hurry and should have explained
this better. For the first time I am faced with allowing users to delete info
from a database. I am trying to come up with a safe method for doing that. In
other words, I don't want people to just type random numbers in a query string
and start erasing stuff. Most of the measures I have come up with so far are
easily defeated. I had considered putting the primary key of the tuple to be
deleted in a hidden form field, but if you can alter the info sent in a POST
request (and I think I read somewhere that you could) then that measure is kinda
lame too. The best I've got so far is that the user can only delete those tuples
that are related to their login.
A.
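
The ownership-scoped delete raised at the end of the message above, as an added example that is not part of the original post: the record id from the query string or hidden field is treated as untrusted, and the owner comes only from server-side session state. The `notes` table, its columns, and the function names are assumptions made for illustration, using SQLite.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table: notes owned by two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE notes ("
        "id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT)"
    )
    # Constructed sample rows: user 10 owns notes 1 and 2, user 20 owns note 3.
    conn.executemany(
        "INSERT INTO notes (id, owner_id, body) VALUES (?, ?, ?)",
        [(1, 10, "alice note"), (2, 10, "alice draft"), (3, 20, "bob note")],
    )
    conn.commit()
    return conn


def delete_note(conn, session_user_id, raw_note_id):
    """Delete a note only if it belongs to the logged-in user.

    session_user_id: taken from server-side session state, never the request.
    raw_note_id: untrusted value from the query string or a hidden form field.
    Returns True if exactly one row was deleted, False otherwise.
    """
    try:
        note_id = int(raw_note_id)  # rejects "2 OR 1=1", "", None, etc.
    except (TypeError, ValueError):
        return False
    # The owner check is part of the DELETE itself, so a tampered id that
    # points at someone else's row matches nothing. Bound parameters keep
    # the value out of the SQL text.
    cur = conn.execute(
        "DELETE FROM notes WHERE id = ? AND owner_id = ?",
        (note_id, session_user_id),
    )
    conn.commit()
    return cur.rowcount == 1


def remaining_ids(conn):
    """Return the ids still present, for checking what was deleted."""
    return [row[0] for row in conn.execute("SELECT id FROM notes ORDER BY id")]
```

A `False` return does not distinguish "no such row" from "not your row", which avoids confirming to the caller that another user's record exists.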