On Sat, Oct 18, 2008 at 11:28 AM, Jay Moore <jaymoore@xxxxxxxxxxxx> wrote: > Yeti wrote: > >> Ok, but how safe are tokens? >> Thinking of man in the middle attacks they do not make much sense, do >> they? >> > > That's what I was thinking too. If I'm deleting an entry from a database > with AJAX, I don't want someone looking at my Javascript and saying, "Hmm, > all I need to do is pass this info to this URL and I can delete at will." > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > True, but then my permission / auth / workflow schema defines all that. the user won't like have that permission, the request will be logged and nothing is ever deleted from the app in any case since I only allow soft (record level flag ) deletes to ensure data integrity -- Bastien Cat, the other other white meat
