Re: [PHPMyEdit-Discuss] per record password protection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> I manage the website for a small club.  I want to create an events
> listing which members can update themselves, so they can
> add/change/delete an event record.  They would set a password (for
> that event) when adding an event and give the same password to
> change or delete the event.
> So far, I have added a line to add a password entry field to
> phpMyEdit.class.php after the code to add the delete button to the
> foot of the listing:

I completelly understand what is the problem/requirement. You are right, it
is currently not possible to do such thing with phpMyEdit and it is
uncertain for future.

The solution could be to have phpMyEdit extension for this. Extension will
provide the same functionality as phpMyEdit, but it will also add particular
password check where it is neccessary. The problem is, that currently I do
not have enough time to work on this. I'm glad that I have at least time to
work on 5.3 release.

You should also note, that blocking user before displaying change or delete
page is not complex solution anymore. You have to block particular action -
record deletion and change in addition to blocking these pages. Otherwise
your application will not be secure (since it will contain this ugly
vulnerability).

--
  _/|   Ondrej Jombik - ne...@ph... - http://www.nepto.sk - OJ812-RIPE
 <_  \  Platon SDG - open source software development - http://platon.sk
   `\|  UNIX is user friendly. It's selective about who its friends are!
    '`