Deleting database entries

     
10:53 pm on Aug 7, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I just heard that if you have a facility to delete fields from a database, this should not be done with a hyperlink; you should use a form to submit this.
The reason being that the search engines may crawl them.

Can anyone else share any light on this? What is the proper way to do this?
1:50 pm on Aug 8, 2012 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If a crawler can follow the link, it means anybody else could too.

Don't you need authentication?
9:55 pm on Aug 8, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



oh ok, is that the other option? Use authentication? How do I do that?
3:41 pm on Aug 9, 2012 (gmt 0)

5+ Year Member



Only authorised users should be given the privilege to delete database data (either entries or entire tables) and as such, they should have appropriate authentication for doing this task. This is my opinion - other experienced members here may have other more compelling methods to achieve this.
8:12 pm on Aug 9, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, but what method should you use for deleting pages, are hyperlinks ok or should it be form submission?
8:45 pm on Aug 9, 2012 (gmt 0)

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I don't think it makes any difference, I use both in my admin area.

The important thing is ensuring only the right people have access - generally speaking you should also log which login made significant changes like deletions.
9:01 pm on Aug 9, 2012 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The principle is usually known as AAA:
Authentication, Authorization and Accounting

- Authentication comes first: you essentially identify and make sure the identification is correct (e.g. by using a login and password) or stronger methods as needed.
You can implement this in a web server (e.g. digest auth in Apache) or using PHP and tracking it all via sessions and the like.

- Authorization: you list who can do what, and verify against that list. It's not because you know the visitor is me that you want to allow me to do anything.

- Accounting: You track who did what, when. Bonus: Why?
5:54 am on Aug 10, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another approach - do not delete anything. Just use a flag to show/hide content. OR move deleted content to backup tables/database
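The AAA checks and the show/hide flag described in the posts above, combined into one delete handler. This is an added example, not code from any poster in the thread; the table names, the `PERMISSIONS` list, the session keys and the status codes are assumptions, and refusing non-POST requests is this example's design choice for the link-versus-form question.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical authorization list: which role may perform which action.
PERMISSIONS = {"admin": {"delete"}, "editor": set()}

def make_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT,
                              deleted INTEGER DEFAULT 0);
        CREATE TABLE audit_log (at TEXT, login TEXT, action TEXT,
                                entry_id INTEGER, outcome TEXT);
        INSERT INTO entries (id, title) VALUES (1, 'first'), (2, 'second');
    """)
    return db

def delete_entry(db, method, session, entry_id):
    """Handle a delete request and return an HTTP-style status code."""
    login = session.get("login")   # set at login time (authentication)
    role = session.get("role")

    def account(outcome):
        # Accounting: record who tried what, when, and how it ended.
        db.execute(
            "INSERT INTO audit_log VALUES (?, ?, 'delete', ?, ?)",
            (datetime.now(timezone.utc).isoformat(), login, entry_id, outcome),
        )
        db.commit()

    if method != "POST":           # a followed link (GET) never changes data
        return 405
    if login is None:              # authentication: nobody is identified
        account("denied: not logged in")
        return 401
    if "delete" not in PERMISSIONS.get(role, set()):   # authorization
        account("denied: not authorized")
        return 403
    # Soft delete: flag the row instead of removing it.
    cur = db.execute(
        "UPDATE entries SET deleted = 1 WHERE id = ? AND deleted = 0",
        (entry_id,),
    )
    if cur.rowcount == 0:
        account("not found")
        return 404
    account("ok")
    return 200
```

Pages that list entries would then select only rows where `deleted = 0`, so a flagged entry disappears from view but can still be restored.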