[FX.php List] Security Concerns
Andrew Denman
adenman at tmea.org
Thu Jan 25 13:14:16 MST 2007
David,
You will have to test this, but you could make one account that can only
create records (no viewing, access to all fields) and use that to write to
the database. A separate account would be used to retrieve records, and it
would be denied access to fields you want to hide.
Andrew Denman
_____
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of David Tinoco
Sent: Thursday, January 25, 2007 1:38 PM
To: fx.php_list at mail.iviking.org
Subject: [FX.php List] Security Concerns
Well guys, this scares me now, as I was planning to design a secure page
that took a customer's credit card information and stored it only for a few
hours in FM until the sales rep transferred it to a secure "internetless"
computer.
But I realized that in order to have create and view access, you obviously
must have read access, right?
So couldn't anyone theoretically look up any credit card number while it
hadn't been transferred?
Any help with suggestions would be great.
David