WebApp Sec mailing list archives

Re: cgi to update a database table


From: allanwind () attbi com (Allan Wind)
Date: Tue, 29 Oct 2002 15:35:58 -0500

On 2002-10-29 13:31:52, Kevin Spett wrote:
> I'm not exactly sure what the original poster was asking for, but...
>
> Have you considered separating the data into different tables?  One with
> write permissions, one with read only?
>
> Most database systems feature things like per-column permissions, etc.  You
> wouldn't need two tables.

True, but I do not think you really want to fiddle with database users
and permissions.  Say, the application is a corporate address book and
you only want the owner of the entry and a group of users to be able to
change an entry.  You can also do this sort of thing with stored
procedures, and in fact I had quite a lot of fun implementing row level
access control based on the user logged in.

I really want permission to be transient and tied to a form request (or
said differently, a given session may be allowed to change row 1 now,
but only for 30 min or till the user submits this form). There must be a
simple or widely used method to deal with this sort of thing, otherwise it
would be trivial to overwrite all the data in a given table as long
as you have write access to a row in it.


/Allan
-- 
Allan Wind
P.O. Box 2022
Woburn, MA 01888-0022
USA
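The transient, form-bound permission described in this post can be built with a server-side "edit grant": when the owner opens the edit form for a row, the application mints an unguessable, single-use token tied to that session, that row and a 30-minute expiry; on submit, the target row is taken from the grant rather than from the form, so holding write access to row 1 never lets the same request touch row 2. The following is an added example, not code from the original thread or from any poster; the table name, column names and the `edit_token` form field are assumed, and the sample rows are constructed.

```python
# Added example (not from the original thread): a form-scoped, time-limited
# "edit grant" for a single row, so a session that may change row 1 now
# cannot use that right to overwrite other rows or to keep editing later.
import secrets
import sqlite3
import time
from dataclasses import dataclass

GRANT_TTL_SECONDS = 30 * 60  # the 30-minute window from the discussion


@dataclass
class EditGrant:
    session_id: str
    row_id: int
    expires_at: float
    used: bool = False


class GrantStore:
    """Server-side store of outstanding edit grants, keyed by an unguessable token.

    The token is the only thing the form carries; the row it applies to is
    looked up here, so the client cannot retarget the update by editing a
    hidden field."""

    def __init__(self):
        self._grants = {}

    def issue(self, session_id, row_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._grants[token] = EditGrant(session_id, row_id, now + GRANT_TTL_SECONDS)
        return token

    def consume(self, token, session_id, now=None):
        """Return the row id the token authorises, or None.  The grant is
        single-use, bound to the issuing session, and expires after the TTL."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None or grant.used:
            return None
        if grant.session_id != session_id or now >= grant.expires_at:
            return None
        grant.used = True  # "till the user submits this form"
        return grant.row_id


def make_db():
    """Constructed sample data: a tiny corporate address book (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE addressbook (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    db.executemany("INSERT INTO addressbook VALUES (?, ?, ?)",
                   [(1, "alice", "555-0100"), (2, "bob", "555-0200")])
    db.commit()
    return db


def render_edit_form(store, session_id, row_id, now=None):
    """Step 1: when the entry's owner opens the edit form, mint a grant for
    that row and embed only the token (hypothetical field name edit_token)."""
    token = store.issue(session_id, row_id, now)
    return {"edit_token": token}


def handle_update(db, store, session_id, form, now=None):
    """Step 2: on submit, derive the target row from the grant, never from
    the form, and scope the UPDATE to that single row."""
    row_id = store.consume(form.get("edit_token", ""), session_id, now)
    if row_id is None:
        return False
    cur = db.execute("UPDATE addressbook SET phone = ? WHERE id = ?",
                     (form["phone"], row_id))
    db.commit()
    return cur.rowcount == 1


def phone_of(db, row_id):
    return db.execute("SELECT phone FROM addressbook WHERE id = ?",
                      (row_id,)).fetchone()[0]


if __name__ == "__main__":
    db, store = make_db(), GrantStore()
    form = render_edit_form(store, "sess-A", 1, now=1000.0)
    form.update(phone="555-0111", id="2")  # tampered "id" field is ignored
    print(handle_update(db, store, "sess-A", form, now=1060.0))   # True
    print(phone_of(db, 1), phone_of(db, 2))                       # 555-0111 555-0200
    print(handle_update(db, store, "sess-A", form, now=1061.0))   # False (single use)
```

The grant store lives beside the session state, so nothing the browser sends decides which row is written; the database account can keep ordinary write access to the table while each request is still confined to the one row the form was issued for.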
