What should I do for security
Posted: Thu Oct 13, 2005 4:03 am
I have made an MIS application in PHP + MySQL.
All pages have been made.
I have three levels of user: students, teachers and special users (admins), all in different tables.
For now, when a user logs in with the correct password, I am starting a session with user_id and checking the user_id session in subsequent pages using an if clause....
If yes (user_id session), go to the page; if no, then go to the login page....
But I want to let teachers view the data of students (but students cannot view teachers' data),
so admin can view all data.
Here are some problems:
Is creating a session like this the right and reliable way to implement security zones?
And what about students just going to the browser history and opening a page that was once opened by the teacher on the same computer?
What if they use
http://www......com?uid=101
directly, knowing the uid?
And third, as I create the student's user_id session only when a student logs in, would teachers be able to get into those pages? No session is created for them, as the session will be checked in subsequent student access pages... (the same coded pages would be seen by teachers).
Could somebody suggest or provide me with something (ideas, downloads, books, ...anything)
to solve this problem?
I would be very grateful.
What should I implement, and how?
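One way to handle the three questions in the post above, as an added example that is not part of the original post: keep the role in the session at login and make every access decision on the server from the session, never from the `uid` in the URL. The function names, the role strings, the `role` session key and `login.php` are assumptions for illustration.

```php
<?php
// Added example: names, roles and session keys are illustrative assumptions.
session_start();

// Call once after the password check succeeds, whichever table the user came from.
function login_user(int $userId, string $role): void
{
    session_regenerate_id(true);      // fresh session id at login (blocks session fixation)
    $_SESSION['user_id'] = $userId;
    $_SESSION['role']    = $role;     // 'student', 'teacher' or 'admin'
}

// May the logged-in user view the record owned by $ownerId, whose owner has
// role $ownerRole? The role is part of the check because ids live in separate
// tables, so student 101 and teacher 101 can both exist.
function can_view(array $session, int $ownerId, string $ownerRole): bool
{
    if (!isset($session['user_id'], $session['role'])) {
        return false;                 // not logged in
    }
    switch ($session['role']) {
        case 'admin':
            return true;              // admins see everything
        case 'teacher':
            return $ownerRole === 'student'
                || ($ownerRole === 'teacher' && $ownerId === $session['user_id']);
        case 'student':
            return $ownerRole === 'student' && $ownerId === $session['user_id'];
        default:
            return false;             // unknown role: deny
    }
}

// Top of a student-data page: ?uid=101 only selects a record, it grants nothing.
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
$uid = filter_input(INPUT_GET, 'uid', FILTER_VALIDATE_INT);
if ($uid === null || $uid === false || !can_view($_SESSION, $uid, 'student')) {
    http_response_code(403);
    exit('Not allowed');
}
// Keep personal data out of the browser cache so history cannot replay it.
header('Cache-Control: no-store');
// ... load and display student $uid here ...
```

Because teachers and students share one session check that looks at the role, the same page serves both. Destroying the session on logout makes a page reopened from the browser history fall through to the login redirect.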