cmiiw ----- Original Message ----- From: "Gustav Wiberg" <gustav@xxxxxx> To: <php-windows@xxxxxxxxxxxxx> Sent: Wednesday, February 14, 2007 6:39 PM Subject: [PHP-WIN] A measre of security Hi! This is a kind of security-question.... I'm starting up a system, where several customers should be able to login with there own information. Each company I give unique identity with "hard-coding" and each company has its own folder... Harding-coding, something like: $company -> setIDCompany(1); $company -> setIDCompany(2); $company -> setIDCompany(3); [bedul] you should not try hardcoding by your self.. is suffer your health.. hehehe why don't you use an id.. if you enter this using db.. every new record or company will given a new id.. like you enter new comp anda the new will have 4 and soon but if this not what you wanted.. just created a random var like this i enter new comp.. where the var given = a4s43.. this comp will have id a4s43 and have folder named a4s43 ===================================================== Diffrent folders: customers/company1 customers/company2 customers/company3 and so on... This isn't complicated, but when I add a new company.... ...I must be 200% sure that the IDCompany is set correct (There is a chance of setting the wrong ID for a new company or forgetting to change it) [bedul] to search what your id entered .. try use int mysql_insert_id ( [resource link_identifier] ) Retrieves the ID generated for an AUTO_INCREMENT column by the previous INSERT query. ======================================= The companys ARE NOT ALLOWED to see each others information. [bedul] try above suggestion.. use random var for folder.. how to get em?? $idFromTable=mysql_insert_id ($handle); $rndNum=rand(2100); $randomID="a".$idFromTable."s".$rndNum; ======================================== Is there any good way of solving this with some sort of comparision-mechanism or something like that? Any thoughts? [bedul] interesting. can u explain more about 'sort of comparision-mechanism'?? =================== -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
