[ic] Saving shopping carts on behalf of a customer.
Brian Kaney
brian at vermonster.com
Tue Dec 7 12:20:37 EST 2004
On Tue, 2004-12-07 at 11:55, Mike Heins wrote:
> Quoting Brian Kaney (brian at vermonster.com):
> >
> >
> > The issue I am having is the administrator needs to be able to save a
> > named shopping cart (containing the quotation) on behalf of another
> > user.
>
> this makes sense.
>
> >
> >
> > I found if I log in as admin and click on the "customers" tab, there is
> > a nice switch user function. I can look into session and check if
> > $Session->{su} exists. If it does, I can allow access to my privileged
> > functions.
> >
> >
> > This all seems to work, but I am wondering if it is safe to rely on the
> > existence of $Session->{su} for determining if the user's previous login
> > was su?
>
> the thing i struggle with is why do you care? and safe for what value
> of safe? anyone who can create embedded perl code which you run
> can do

Because I don't want "regular" users to have access to privileged
functionality/pages (namely my quote building pages). I need to see if
the user was last logged in as an admin, and then determine access.

And I guess by safe, I mean reliable and non-spoofable (not from a
programming standpoint, but from the client).

- Brian