Re: Help with best method of using forms for users to verify database information
southplatte and Dubbya
Thanks very much for taking the time over such detailed answers - its greatly appreciated. I'd already figured that appending the client id was the only way to start the process, but hadn't really thought through the security implications at that time. Another developer I talked to also threw up the same concerns over the security of the whole exercise, so looks like there's a bridge to cross.
We've just inherited this as a project from somebody else, and today I got a few more details from the client about how the previous company handled the problem. Or didn't. Seems they just did as the client asked and populated the form without any sort of verification without querying it.
Still, now I've raised it, they're worried about it, so its true, "a problem shared is a problem multiplied" (think that's right!).
Again, thanks for your input.
|