Re: Session and Access Privilages.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi-

Since you are checking the authtype variable in the environmental variable
for each page which is requested, There cannot be any chance for a intruder
to get access to the page. But then, for an enhanced security, do maintain
a table in db with relation between authtype and access to page and
privilege. Checking the same in the page before displaying it to the user
might help you in solving the issue.

Hope this helps.

-
Trinath S


On Thu, Mar 29, 2012 at 1:00 PM, Vinay Kannan <vinykan@xxxxxxxxx> wrote:

> Hey,
>
> I am working on the application, thought its not OOP currently, I plan to
> take it further in a year or so.
> Right now, I have 4 access levels which define what the users can do on the
> application.
> Based on the access levels defined, a session varialble is set called
> $_SESSION['authtype'], and this defines what are the links shown to the
> user.
> so basically the session authtype, defines what links are shown to the
> users, now i am thinking that if a user comes to know of a link whihc he
> does not have
> access to, he / she can put that in the url and try to gain access, what i
> feel is there should be some check on each of the page for the access and
> if the acess
> criteria is not met, then the user should be sent back to him home page
> view.
>
> Any ideas on what the best way is to implement something like this? Any
> help is appreciated.
>
> Thanks,
> Vinay
>

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux