[nycphp-talk] Query result state strategy
Ophir Prusak
prusak at gmail.com
Thu Feb 16 22:56:24 EST 2006
to quote chris -
"security isn't black and white - it's shades of gray"
but to the point - I'd have to add, it really depends on how big of a
deal is it if someone does something they're not supposed to do.
If this is an ecommerce site - then obviously security is a very big deal.
if it's a bulletin board on an intranet ...
well, you get the point.
On 2/15/06, Cliff Hirsch <cliff at pinestream.com> wrote:
>
> Lately, it seems like I need to execute queries twice -- the first time to
> gather data and set actions for the presentation layer. That's fine.
>
> What disturbs me is that I need to do this all over again when receiving
> actionable input, going along with the theory that all input from the client
> is evil unless proved otherwise. Thank you Chris...
>
> So now I need to run a query again, check to see if the particular action is
> allowed based on the data gathered and than act upon it if the action is
> valid. The joy of an open client-server system.
>
> Do I just accept this and get on with it? Do I maintain the query results
> and state info with sessions, which I have avoided to date because I believe
> sessions have their own scalability baggage? Comments?
>
> Cliff Hirsch
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> New York PHP Conference and Expo 2006
> http://www.nyphpcon.com
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
>
More information about the talk
mailing list