
PHP and MySQL Question. How to Make a Basic CMS?

By Networking Security Posted in: database security

I have a database, with roughly 900 rows, and about 12 columns. Each row is a product, and each column has information about the product (price, image, description, date added, category, and merchant).
What I am trying to do is make a very simple interface, where merchants can come to the site, and add, remove, or modify products, BUT only for their company. I have no idea what to do. I tried using PHP sessions, but something's not working.
So here’s the scenario. Merchant A comes to the site, and logs in. Once logged in, he sees a page with three options (add, modify, remove). When he selects modify, he should only see products from his company.
I hope this makes sense.
I would post a link to the site, but there are still many flaws, so it would be a security risk.
Any help is greatly appreciated (even just links to tutorials!)

  1. Unca Alby Says

    I would suggest you create an independent database for each merchant.
    E.g., when Merchant A logs in, he gets database “db_merchant_a”. Have a “template” database somewhere that has the basic schema for the table(s). When you register a new merchant, create a new database for him, and copy over all the tables from the template to the merchant database.
    How you name this database is up to you. I would recommend that you have one master database that contains information on all the merchants, assign each merchant a unique merchant ID which is kept in that database, along with their email, full name and address, etc. This unique ID can be an auto_increment column, multiplied by some prime number (we don’t want it to be easy to guess what the next ID is). Then name the database “DB_MID” where “DB” is the literal letters “DB”, and “MID” is the Merchant ID.
    If additionally you give the merchant SELECT, INSERT, DELETE, REFERENCE permission to ONLY his database, then MySQL will guarantee that it is impossible for him to access the data from a different merchant database (unless he hacks the other merchant’s user-id and password).
    Just remember to add each database to your backup strategy.
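
The provisioning steps described in the answer above, written out as MySQL statements. This is an added example, not part of the original post: the names `master`, `db_template`, `m_7919`, the column definitions and the merchant ID 7919 are all assumptions made for illustration, and the password is a placeholder.

```sql
-- Master database: one row per merchant (table and column names are assumed).
CREATE DATABASE IF NOT EXISTS master;
CREATE TABLE IF NOT EXISTS master.merchants (
    merchant_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    email       VARCHAR(255) NOT NULL UNIQUE,
    full_name   VARCHAR(255) NOT NULL,
    address     TEXT
);

-- Template database holding the basic schema (columns taken from the question;
-- no merchant column is needed because each merchant gets a separate database).
CREATE DATABASE IF NOT EXISTS db_template;
CREATE TABLE IF NOT EXISTS db_template.products (
    product_id  INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    price       DECIMAL(10,2) NOT NULL,
    image       VARCHAR(255),
    description TEXT,
    date_added  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    category    VARCHAR(100)
);

-- Provision one merchant. 7919 is a constructed merchant ID; the database is
-- named "DB" + "_" + merchant ID as the answer suggests.
CREATE DATABASE DB_7919;
CREATE TABLE DB_7919.products LIKE db_template.products;

-- One MySQL account per merchant, used by the site after that merchant logs in.
CREATE USER 'm_7919'@'localhost' IDENTIFIED BY '<generated-password>';

-- In a database-level GRANT, "_" and "%" in the database name are wildcards.
-- Unescaped, `DB_7919`.* would also match names such as DBX7919, so the
-- underscore is escaped. The privilege keyword is REFERENCES. UPDATE is added
-- here because the "modify" option in the question needs it.
GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES
    ON `DB\_7919`.* TO 'm_7919'@'localhost';

-- Check: the output should show only USAGE on *.* plus the grant above.
SHOW GRANTS FOR 'm_7919'@'localhost';

-- Check while connected as m_7919: a query against any other merchant's
-- database (for example SELECT * FROM DB_7927.products) must be denied.
```

The site's own administrative account, which creates databases and users, should be separate from the per-merchant accounts and never used to serve merchant requests.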


©2011 Networking Security, All rights reserved.