security question

[Mike]

This script seems to be very close to what I want. I want to create a database of alumni (with personal info) that users can add/edit thru the web without my involvement. My question is, what is to prevent anybody from coming in and altering somebody else's data? Is there any password protection that allows only the person who submitted the entry to edit or delete that entry? Please help. Thanks.

 

[Eugenio]

Mike wrote:
>
> This script seems to be very close to what I want. I want to
> create a database of alumni (with personal info) that users
> can add/edit thru the web without my involvement. My
> question is, what is to prevent anybody from coming in and
> altering somebody else's data? Is there any password
> protection that allows only the person who submitted the
> entry to edit or delete that entry? Please help. Thanks.

Not at the moment, at least not provided directly from DaDaBIK, try searching on this forum for possible solutions.

Eugenio.

(Latest version of DaDaBIK when this message was posted: 2.2.1)

 

[manuela]

Hi there,

I managed to secure the admin.php and by making a special .htaccess and .htpasswd file. I wanted only the admin to be able to open the admin.php and the internal_table_manager.php files and not anyone else.....

MAKING THE .HTACCESS FILE
Surround the statements in the .htaccess file with <FilesMatch>...</FilesMatch> tags:

<FilesMatch "admin.php|internal_table_manager.php">
AuthName "username"
AuthType Basic
AuthUserFile /usr/local/share/httpd/htdocs/yourdir/.htpasswd
require valid-user
</FilesMatch>

MAKING THE .HTPASSWD FILE:
The .htpasswd file will look like this:
admin:25ZQPYWNQ4grM
(you find htpasswd generators at: http://www.euronet.nl/~arnow/htpasswd/)

Just try it!

I have made other variations on those .htaccess and .htpasswd files (also for a member site) and they worked beautifully.

Greetings,
Manuela