[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [ic] Controlling access to tables
On 16 Oct 00, at 18:37, Mike Heins wrote:
> Actually, you are right to worry. Consider:
> [page scan
> st=db
> fi=userdb
> ra=yes
> rf=credit_card_number] Show CC [/page]
> (Of course that is completely bogus, but you get the idea.)
> You could get the data back in the [item-code], since rf allows
> you to set the field returned as code.
But that would still need a results page actually displaying the data. I
thought I could check the logged in user against the username in the
table on the results page and only display the data if they match. But I
suppose that would still leave the possibility of guessing another results
page...
The configuration option in Interchange sounds perfect. But that means
jumping from MV 3.14-6 to IC and I have quite a tight deadline.
Thanks for the prompt reply Mike.
Cheers,
Marcus
---
Marcus Weseloh
Projects Director
Slightly Different Ltd. <www.slightlydifferent.co.uk>
Tel: +44 (0)1326 372416 Fax: +44 (0)1326 372114
_______________________________________________
Interchange-users mailing list
Interchange-users@www.minivend.com
http://www.minivend.com/mailman/listinfo/interchange-users
