[ic] Controlling access to tables
Marcus Weseloh
marcus@slightlydifferent.co.uk
Tue, 17 Oct 2000 00:11:34 +0100
On 16 Oct 00, at 18:37, Mike Heins wrote:
> Actually, you are right to worry. Consider:
> [page scan
> st=db
> fi=userdb
> ra=yes
> rf=credit_card_number] Show CC [/page]
> (Of course that is completely bogus, but you get the idea.)
> You could get the data back in the [item-code], since rf allows
> you to set the field returned as code.
But that would still need a results page actually displaying the data. I
thought I could check the logged in user against the username in the
table on the results page and only display the data if they match. But I
suppose that would still leave the possibility of guessing another results
page...
The configuration option in Interchange sounds perfect. But that means
jumping from MV 3.14-6 to IC and I have quite a tight deadline.
Thanks for the prompt reply Mike.
Cheers,
Marcus
---
Marcus Weseloh
Projects Director
Slightly Different Ltd. <www.slightlydifferent.co.uk>
Tel: +44 (0)1326 372416 Fax: +44 (0)1326 372114