Gnub Posted April 20, 2007 Share Posted April 20, 2007 I've developed two systems, 1 for a login/security, and 1 for database queries. Both systems run under 1 window. 1 which is on the main page(login/security), and the other in a Iframe(queries). What im doing now is creating a logging system, where a log is created when a certain query or action is performed on the database(log who did what where and when). My problem/question is am i going to be able to get the login username from the Security side, and put it into the Iframe system? Im doubtfull i can do this, as both systems run on different domains, however the question needs to be asked. If i can't, wouldn't it be possible, upon login to parse the info from login system to the query system and store it into a session variable, and then call that session when i need it? But wouldn't this be a risk for security, and open for abuse? thanks for any opinions Gnub Quote Link to comment Share on other sites More sharing options...
taith Posted April 20, 2007 Share Posted April 20, 2007 when you do the login... if you save it into the $_SESSION[user]=$row; your createing an arrayed array, which is "hard" to abuse through conventional methods... if you want... after you do the login... unset() the data which needs to be secured... email, password, ip address, phpsessid, etc... so it doesnt exist in that array... but quite honestly... if you log into your account, you get your information... which is accessable to you regardless, and if you have hackers, who cares if they hack into their own account? lol... i'm pretty sure, if they can login, they know their own information already... and if they cannot log into an account, the $_SESSION[user] wont have any information... either way... their not going to have any access to any information they wouldnt have anyways... Quote Link to comment Share on other sites More sharing options...
Gnub Posted April 20, 2007 Author Share Posted April 20, 2007 Im more concerned with disgruntled employee's who sudernly have the urge to do a mass delete when no one is looking. Hence the reason for logging. But i've gone and scripted something that seems to be working. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.