Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Clearly you need to check it at your back-end side, otherwise your application is likely to exploit by a kid.</p> <p><strong>Update</strong></p> <p>you need to implement an authorisation mechanism in your back-end, then after you load the permissions at the beginning, you can add it to the user session, so you don't need to look-up the database each time, you just need to check the user permission against the task required permission.</p> <p><strong>More</strong></p> <p>To implement the authentication mechanism: Goal, <code>user</code> can see it's own profile but <code>supervisor</code> can see everyone within his <code>department</code>.</p> <ul> <li><code>user</code> A has the <code>user_id</code> already loaded at the session, let say <code>user_id = 123</code></li> <li><code>user</code> A can only request his information so <code>if (user_id == req_user_id)</code> then show the information, otherwise show error.</li> <li><code>user</code> B has the permission value of <code>100</code>, let's call him <code>supervisor</code> then. Now <code>if (user_id == req_profile_id)</code> is not <strong>true</strong> we will check the permission. Let say the task permission for this particular task is <code>10</code> so <code>if (user_perm &gt;= task_perm)</code>, go ahead and check the department, if both the requested user and current user are at the same department, then show the information, otherwise show an error.</li> </ul> <p>this should works based on your information.</p>
    singulars
    1. This table or related slice is empty.
    1. POImplementing Security for Ajax calls
      singulars
      1. PTQuestion
    1. PTAnswer
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COThat's true, but for adding checks for every operation, I need to read database which is very costly. Some time the association may not be straight forward and I need to do join on few tables as well. What if we have some option to validate whether the request is genuine and originated from correct source. Similar to Hash or some digital signature kind of stuff..
      singulars
      1. PO
      1. USGaurav
    2. CO@Gaurav in any case, you need to check it out again, a user could be a trusted user, however someone can attacks on behalf of that ...
      singulars
      1. PO
      1. This table or related slice is empty.
    3. COPermission is not enough in this case. Say, I will be permission like EmployeeDetailInfoViewPermission. If one malicious employee passed other employeeId he will get the data. As he will be having that permission. I am looking for some solution which will not hurt performance and is easier in implementation as well.
      singulars
      1. PO
      1. USGaurav
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload