
PHP Server Side Scripting Forum

    
Deleting database entries
whatson




msg:4482718
 10:53 pm on Aug 7, 2012 (gmt 0)

I just heard that if you have a facility to delete fields from a database that this should not be done with a hyperlink, you should use a form to submit this.
The reasons being the search engines may crawl them.

Can anyone else shed any light on this? What is the proper way to do this?

 

swa66




msg:4482932
 1:50 pm on Aug 8, 2012 (gmt 0)

If a crawler can follow the link, it means anybody else could too.

Don't you need authentication?

whatson




msg:4483066
 9:55 pm on Aug 8, 2012 (gmt 0)

oh ok, is that the other option? Use authentication? How do I do that?

mvaz




msg:4483225
 3:41 pm on Aug 9, 2012 (gmt 0)

Only authorised users should be given the privilege to delete database data (either entries or entire tables) and as such, they should have appropriate authentication for doing this task. This is my opinion - other experienced members here may have other more compelling methods to achieve this.

whatson




msg:4483285
 8:12 pm on Aug 9, 2012 (gmt 0)

Ok, but what method should you use for deleting pages, are hyperlinks ok or should it be form submission?

topr8




msg:4483292
 8:45 pm on Aug 9, 2012 (gmt 0)

i don't think it makes any difference, i use both in my admin area.

the important thing is ensuring only the right people have access - generally speaking you should also log which login made significant changes like deletions.

swa66




msg:4483302
 9:01 pm on Aug 9, 2012 (gmt 0)

The principle is usually known as AAA:
Authentication, Authorization and Accounting

- Authentication comes first: you essentially identify and make sure the identification is correct (e.g. by using a login and password) or stronger methods as needed.
You can implement this in a web server (e.g. digest auth in Apache) or using PHP and tracking it all via sessions and the like.

- Authorization: you list who can do what, and verify against that list. It's not because you know the visitor is me that you want to allow me to do anything.

- Accounting: You track who did what, when. Bonus: Why?

omoutop




msg:4483385
 5:54 am on Aug 10, 2012 (gmt 0)

Another approach - do not delete anything. Just use a flag to show/hide content. OR move deleted content to backup tables/database
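
As an added example (not part of any post in this thread): a POST-only delete handler in PHP that applies the authentication, authorization and accounting checks and the flag-instead-of-delete approach discussed above. It goes slightly beyond the thread by also checking a per-session form token; the table, column, role and field names are hypothetical, and the demo runs on constructed data in an in-memory SQLite database (assumes the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Hypothetical names: pages.deleted_at, audit_log, role 'admin', field 'csrf'.
// Returns the HTTP status to send. In a real page, call it as
// handleDelete($db, $_SERVER['REQUEST_METHOD'], $_SESSION, $_POST).
function handleDelete(PDO $db, string $method, array $session, array $post): int
{
    // Crawlers and prefetchers only issue GET, so a delete must never run on GET.
    if ($method !== 'POST') return 405;
    // Authentication: there must be a logged-in session.
    if (!isset($session['user_id'])) return 401;
    // Authorization: knowing who the visitor is does not mean they may delete.
    if (($session['role'] ?? '') !== 'admin') return 403;
    // Per-session form token, so another site cannot submit the form for the user.
    $token = $session['csrf'] ?? '';
    $sent  = $post['csrf'] ?? '';
    if (!is_string($token) || !is_string($sent) || $token === '') return 403;
    if (!hash_equals($token, $sent)) return 403;
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) return 400;

    $db->beginTransaction();
    // Soft delete: flag the row rather than removing it.
    $upd = $db->prepare('UPDATE pages SET deleted_at = ? WHERE id = ? AND deleted_at IS NULL');
    $upd->execute([gmdate('c'), $id]);
    if ($upd->rowCount() !== 1) { $db->rollBack(); return 404; }
    // Accounting: record who did what, and when.
    $log = $db->prepare('INSERT INTO audit_log (user_id, action, page_id, at) VALUES (?, ?, ?, ?)');
    $log->execute([$session['user_id'], 'delete', $id, gmdate('c')]);
    $db->commit();
    return 200;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, deleted_at TEXT)');
$db->exec('CREATE TABLE audit_log (user_id INTEGER, action TEXT, page_id INTEGER, at TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Old page')");

$admin  = ['user_id' => 7, 'role' => 'admin',  'csrf' => bin2hex(random_bytes(16))];
$editor = ['user_id' => 8, 'role' => 'editor', 'csrf' => bin2hex(random_bytes(16))];

echo 'crawler GET: ', handleDelete($db, 'GET', [], ['id' => '1']), "\n";
echo 'editor POST: ', handleDelete($db, 'POST', $editor, ['id' => '1', 'csrf' => $editor['csrf']]), "\n";
echo 'admin POST:  ', handleDelete($db, 'POST', $admin, ['id' => '1', 'csrf' => $admin['csrf']]), "\n";
echo 'audit rows:  ', $db->query('SELECT COUNT(*) FROM audit_log')->fetchColumn(), "\n";
```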
