Alan Harris-Reid <a...@baselinedata.co.uk> writes: > As each link contains row-id, I guess there is nothing to stop someone > from getting the id from the page source-code. Is it safe to use the > above href method if I test for authorised credentials (user/password > stored as session variables, perhaps?) before performing the > edit/delete action?
Well, if it's really ok for them to delete records programmatically even if it's ok for them to delete through the web site. I'd probably encrypt the post parameters if this was a concern. -- http://mail.python.org/mailman/listinfo/python-list
