Hi List,
I have written a library of PHP classes to manage database objects.
So my application now accesses this library instead of accessing
the database directly.
Now, I need to add access control to my classes, like a check of a
$_SESSION variable.
A solution could be to add these lines at the start of every method:
" session_start();if(!isset($_SESSION['user'])) { return 999; } "
e.g.:
class sysAccess {
    // ...
    function getName()
    {
        // Per-method guard: refuse the call when no user is logged in
        session_start();
        if (!isset($_SESSION['user'])) { return 999; }
        // ...
    }
}
In this way, I am sure that only trusted users have access to the
methods.
But if I forget to "protect" a single method, there will be a serious
vulnerability... and this task will be long (and boring...).
Is there a better solution to restrict access to an object's public
methods to granted accounts only?
Thanks in advance
Lorenzo Marussi
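
One way to centralise the check described in the post above, as an added example that is not part of the original message: a proxy object runs the $_SESSION['user'] test once, in __call, before forwarding to the wrapped class. GuardedProxy and AccessDenied are hypothetical names, and throwing an exception instead of returning 999 is a choice made for this example.

```php
<?php
// Added example. GuardedProxy and AccessDenied are hypothetical names.

class AccessDenied extends RuntimeException {}

final class GuardedProxy
{
    private $target; // the wrapped library object, never exposed

    public function __construct($target)
    {
        $this->target = $target;
    }

    // Every method call on the proxy lands here, so the session check
    // cannot be forgotten for an individual method.
    public function __call($method, array $args)
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (!isset($_SESSION['user'])) {
            // Assumption of this example: fail loudly rather than return 999.
            throw new AccessDenied("not logged in: $method");
        }
        // Only methods callable from outside the target are forwarded.
        if (!is_callable([$this->target, $method])) {
            throw new BadMethodCallException("no such method: $method");
        }
        return $this->target->$method(...$args);
    }
}

// The library class from the post, now free of per-method checks.
class sysAccess
{
    public function getName()
    {
        return 'constructed sample value';
    }
}

// Application code only ever receives the proxy, never the raw object.
$sys = new GuardedProxy(new sysAccess());
try {
    echo $sys->getName(), "\n";
} catch (AccessDenied $e) {
    echo "denied\n";
}
```

The guard holds only while application code cannot obtain the unwrapped object, so construct library objects in one factory that always returns the proxy. Static methods called directly on the class do not pass through __call and still need their own check.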