[ic] Controlling access to tables

Marcus Weseloh marcus@slightlydifferent.co.uk
Tue, 17 Oct 2000 00:11:34 +0100


On 16 Oct 00, at 18:37, Mike Heins wrote:

> Actually, you are right to worry. Consider:
> 	[page scan
> 		st=db
> 		fi=userdb
> 		ra=yes
> 		rf=credit_card_number] Show CC [/page]
> (Of course that is completely bogus, but you get the idea.)
> You could get the data back in the [item-code], since rf allows
> you to set the field returned as code.

But that would still need a results page actually displaying the data. I 
thought I could check the logged-in user against the username in the 
table on the results page and only display the data if they match. But I 
suppose that would still leave the possibility of guessing another results 
page...

The configuration option in Interchange sounds perfect. But that means 
jumping from MV 3.14-6 to IC and I have quite a tight deadline.

Thanks for the prompt reply Mike.

Cheers,

	Marcus

---
Marcus Weseloh
Projects Director
Slightly Different Ltd. <www.slightlydifferent.co.uk>
Tel: +44 (0)1326 372416  Fax: +44 (0)1326 372114
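
The point raised in this exchange is that a check on the results page does not help when the request itself chooses the table (`fi`) and the returned field (`rf`). The following is an added Python sketch of a default-deny check applied to the search parameters before any search runs; it is not Interchange or MiniVend code and not from either poster. The allow-list contents, the default table name and the `/`-or-newline parameter splitting are assumptions made for the illustration.

```python
import re

# Assumed policy for this sketch: only tables listed here may be searched from
# request-supplied parameters, and only the listed fields may be returned.
ALLOWED_RETURN_FIELDS = {"products": {"sku", "description", "price"}}

# Long-form parameter names normalized to the two-letter forms in the message.
ALIASES = {"mv_search_file": "fi", "mv_return_fields": "rf"}


def parse_scan(spec):
    """Split 'st=db/fi=userdb/...' (or one pair per line) into a dict of lists."""
    params = {}
    for pair in re.split(r"[/\n]+", spec.strip()):
        key, sep, value = pair.strip().partition("=")
        if not sep:
            continue  # not a key=value pair
        key = ALIASES.get(key, key)
        # Keep every occurrence so a repeated fi= cannot hide a second table.
        params.setdefault(key, []).append(value.strip())
    return params


def check_scan(spec):
    """Return (allowed, reason). The decision is made before the search runs,
    so it does not depend on which results page the request names."""
    params = parse_scan(spec)
    tables = params.get("fi") or ["products"]  # assumed default search table
    for table in tables:
        allowed = ALLOWED_RETURN_FIELDS.get(table.lower())
        if allowed is None:
            return False, f"table not searchable: {table}"
        for value in params.get("rf", []):
            for field in re.split(r"[,\s]+", value):
                if field and field.lower() not in allowed:
                    return False, f"field not returnable: {field}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed input: the parameters quoted in the message above.
    quoted = "st=db\n\tfi=userdb\n\tra=yes\n\trf=credit_card_number"
    print(check_scan(quoted))
    print(check_scan("st=db/fi=products/rf=sku,price"))
```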