Msg#: 4482716 posted 10:53 pm on Aug 7, 2012 (gmt 0)
I just heard that if you have a facility to delete fields from a database, this should not be done with a hyperlink; you should use a form to submit this. The reason being that the search engines may crawl them.
Can anyone else shed any light on this? What is the proper way to do this?
Msg#: 4482716 posted 3:41 pm on Aug 9, 2012 (gmt 0)
Only authorised users should be given the privilege to delete database data (either entries or entire tables), and as such, they should have appropriate authentication for doing this task. This is my opinion; other experienced members here may have other, more compelling methods to achieve this.
Msg#: 4482716 posted 9:01 pm on Aug 9, 2012 (gmt 0)
The principle is usually known as AAA: Authentication, Authorization and Accounting.
- Authentication comes first: you essentially identify and make sure the identification is correct (e.g. by using a login and password, or stronger methods as needed). You can implement this in a web server (e.g. digest auth in Apache) or using PHP and tracking it all via sessions and the like.
- Authorization: you list who can do what, and verify against that list. It's not because you know the visitor is me that you want to allow me to do anything.
- Accounting: You track who did what, when. Bonus: Why?
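
The points raised in this thread, combined into one delete handler (an added example, not part of any post above): it refuses the GET request a crawler would send when following a link, then applies authentication, authorization and accounting in that order. The permission table, user names, record id and log format are hypothetical, and `$session` / `$post` stand in for `$_SESSION` / `$_POST`.

```php
<?php
// Hypothetical authorization list (who can do what); all names here are made up.
const PERMISSIONS = ['alice' => ['delete_record'], 'bob' => []];

/**
 * Decide whether a delete request may proceed. Returns [HTTP status, message].
 * $audit collects the accounting log lines.
 */
function handle_delete(string $method, array $session, array $post, array &$audit): array
{
    $user = $session['user'] ?? null;   // set at login (authentication)
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $log = function (string $outcome) use (&$audit, $user, $id, $method): void {
        // Accounting: who, what, when, and the outcome.
        $audit[] = sprintf('%s user=%s method=%s id=%s outcome=%s',
            gmdate('c'), $user ?? '-', $method, $id === false ? '-' : $id, $outcome);
    };

    // A crawler following a link sends GET; state changes are only accepted via POST.
    if ($method !== 'POST') { $log('rejected_method'); return [405, 'Use the form (POST)']; }
    // Authentication: is there a logged-in user at all?
    if ($user === null) { $log('unauthenticated'); return [401, 'Log in first']; }
    // Authorization: is this user on the list for this action?
    if (!in_array('delete_record', PERMISSIONS[$user] ?? [], true)) {
        $log('forbidden'); return [403, 'Not allowed to delete'];
    }
    if ($id === false) { $log('bad_id'); return [400, 'Invalid record id']; }

    // The real DELETE (as a prepared statement) would run here.
    $log('deleted');
    return [200, "Record $id deleted"];
}

// Constructed sample requests: [method, session, post data]
$audit = [];
$requests = [
    ['GET', [], []],                                // crawler following a delete link
    ['POST', [], ['id' => '7']],                    // form submitted without a login
    ['POST', ['user' => 'bob'], ['id' => '7']],     // known user, no delete permission
    ['POST', ['user' => 'alice'], ['id' => '7']],   // authorised user
];
foreach ($requests as [$m, $s, $p]) {
    [$status, $msg] = handle_delete($m, $s, $p, $audit);
    echo "$status $msg\n";
}
echo implode("\n", $audit), "\n";
```

Every rejected attempt is logged as well as the successful delete, so the audit trail shows crawler hits and unauthorised attempts alongside legitimate deletions.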