| 1:50 pm on Aug 8, 2012 (gmt 0)|
If a crawler can follow the link, it means anybody else could too.
Don't you need authentication?
| 9:55 pm on Aug 8, 2012 (gmt 0)|
Oh ok, is that the other option? Use authentication? How do I do that?
| 3:41 pm on Aug 9, 2012 (gmt 0)|
Only authorised users should be given the privilege to delete database data (either entries or entire tables) and as such, they should have appropriate authentication for doing this task. This is my opinion - other experienced members here may have other more compelling methods to achieve this.
| 8:12 pm on Aug 9, 2012 (gmt 0)|
Ok, but what method should you use for deleting pages, are hyperlinks ok or should it be form submission?
| 8:45 pm on Aug 9, 2012 (gmt 0)|
I don't think it makes any difference, I use both in my admin area.
The important thing is ensuring only the right people have access - generally speaking you should also log which login made significant changes like deletions.
| 9:01 pm on Aug 9, 2012 (gmt 0)|
The principle is usually known as AAA:
Authentication, Authorization and Accounting
- Authentication comes first: you essentially identify and make sure the identification is correct (e.g. by using a login and password) or stronger methods as needed.
You can implement this in a web server (e.g. digest auth in Apache) or using PHP and tracking it all via sessions and the like.
- Authorization: you list who can do what, and verify against that list. It's not because you know the visitor is me that you want to allow me to do anything.
- Accounting: You track who did what, when. Bonus: Why?
| 5:54 am on Aug 10, 2012 (gmt 0)|
Another approach - do not delete anything. Just use a flag to show/hide content. OR move deleted content to backup tables/database
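
Added example (not part of any post in this thread): a PHP sketch of a delete handler that applies the authentication, authorization and accounting checks described above and hides the page with a flag instead of removing the row. The `pages` and `audit_log` tables, the logins, the `PERMISSIONS` list and the `deletePage()` function are all assumptions made for illustration, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example. Table names, logins and the permission list are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT,
           deleted INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE audit_log (login TEXT, action TEXT, page_id INTEGER,
           reason TEXT, at TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'About us')");

// Authorization list: which login may perform which action.
const PERMISSIONS = ['alice' => ['delete_page'], 'bob' => []];

// Returns the HTTP status the admin script would send.
function deletePage(PDO $db, array $session, string $method, array $post): int
{
    // Crawlers and prefetchers follow links with GET, so only POST may change data.
    if ($method !== 'POST') return 405;
    // Authentication: the login is placed in the session at sign-in.
    $login = $session['login'] ?? null;
    if (!is_string($login)) return 401;
    // Authorization: knowing who it is does not mean they may delete.
    if (!in_array('delete_page', PERMISSIONS[$login] ?? [], true)) return 403;
    $pageId = filter_var($post['page_id'] ?? null, FILTER_VALIDATE_INT);
    if ($pageId === false) return 400;

    $db->beginTransaction();
    // Soft delete: hide the row with a flag instead of removing it.
    $hide = $db->prepare('UPDATE pages SET deleted = 1 WHERE id = ? AND deleted = 0');
    $hide->execute([$pageId]);
    if ($hide->rowCount() === 0) { $db->rollBack(); return 404; }
    // Accounting: who did what, when, and why.
    $log = $db->prepare("INSERT INTO audit_log VALUES (?, 'delete_page', ?, ?, datetime('now'))");
    $log->execute([$login, $pageId, (string)($post['reason'] ?? '')]);
    $db->commit();
    return 200;
}

$form = ['page_id' => '1', 'reason' => 'outdated'];
$cases = [
    'crawler follows link' => [[], 'GET'],
    'not logged in'        => [[], 'POST'],
    'bob (no permission)'  => [['login' => 'bob'], 'POST'],
    'alice (admin)'        => [['login' => 'alice'], 'POST'],
];
foreach ($cases as $name => [$session, $method]) {
    printf("%-22s %d\n", $name, deletePage($db, $session, $method, $form));
}
print_r($db->query('SELECT login, action, page_id, reason FROM audit_log')->fetchAll(PDO::FETCH_ASSOC));
```

Run it with the PHP command-line interpreter; it needs PHP 7.1 or later with the pdo_sqlite extension enabled.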