Thank you very much Stut, great points. I didn't even think about wanting to display a list of files they have access to. I guess I'll go with the simpler way and save myself a lot of overhead. As I said, I've never made a site that had anything to do with money before, this is the first time. I just wasn't sure what kinda security I need. I guess as long as the credit card transactions are secured, I should be fine. thanks again, Siavash thinkQuoting Stut <stuttle@xxxxxxxxx>: > siavash1979@xxxxxxxxx wrote: > > is that really secure? > > > > I just thought if for any reason, someone can get into my database, > > they can't just add usernames and file ids to my table and have > > access. > > > > I thought if I md5 it, then it'll be more secured. > > > > would 1 table for username-fileid really be fine? > > If they get that level of access to you database then most bets are off. > However, you are correct to a certain extent. If you one-way encrypt (if > MD5 can be called encryption) all your data then yes it will be more > secure, but to me that security comes at too high a cost from a > functionality point of view. You can't, for example, get a list of the > files a particular user has purchased. > > But, as always, it's up to you and what you need for the particular > project. If you feel you need that extra security then go for it, but be > aware of the side-effects. > > -Stut > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
