Direction on Access Level / Security Privileges

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
tbasher15
Forum Newbie
Posts: 6
Joined: Tue May 26, 2009 8:46 am

Direction on Access Level / Security Privileges

Post by tbasher15 »

I have a situation where I need to show/hide certain records based on who logs in. Conceptually, I planned on creating a user table and validating their access with session variables based on their area.

For Example:

User Table:
Username | Password | Area
testa | ******* | 21

Product Data Table:
Product Name | Price | Area
Rag | 1.00 | 21
Tires | 100.00 | 22, 23

So testa user would only be able to see the 'Rag' product and would not be able to see the 'Tires' product.

Before I start heading down the wrong path, I wanted to see if anybody had any other ideas that might be more efficient. Any helpful advice would be appreciated.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Direction on Access Level / Security Privileges

Post by onion2k »

I think you should read a book about database design. Or at least an article. Try this one: http://www.datanamic.com/support/lt-dez ... eling.html Pay particular attention to the many-to-many relationship stuff.
tbasher15
Forum Newbie
Posts: 6
Joined: Tue May 26, 2009 8:46 am

Re: Direction on Access Level / Security Privileges

Post by tbasher15 »

Point taken, but please realize that my example is a very basic illustration of how one might secure records. I'm more concerned with strategies that might be used to secure records for certain users. Thanks.
Post Reply