Admin only access to articles. Is this secure?
Posted: Thu 22. Sep 2005, 18:51
Can someone pick holes in this.
I have a client whose present website is controlled by a custom data entry form and a PHP script. The form is accessed with a username and password via an 'admin' page.
I am trying to replicate this scenario using PHPWCMS 1.2.3 and wondered if the following method will ensure that only the client has access to the form.
1) I created a category called 'scripts'
2) I gave the category the alias 'scripts'.
3) I selected 'Hide' (from main menu) and 'Visible for users logged on only'
4) I addded an article to this category with the entry form and PHP script and created the custom tables in the database.
When I log in to the backend I can open this page and use the form. If I am not logged in, I cannot see the page. This is exactly what I want, but I am concerned that there may be a loophole somewhere.
Comments from anyone who can see a problem (or a better way) would be welcome.
I have a client whose present website is controlled by a custom data entry form and a PHP script. The form is accessed with a username and password via an 'admin' page.
I am trying to replicate this scenario using PHPWCMS 1.2.3 and wondered if the following method will ensure that only the client has access to the form.
1) I created a category called 'scripts'
2) I gave the category the alias 'scripts'.
3) I selected 'Hide' (from main menu) and 'Visible for users logged on only'
4) I addded an article to this category with the entry form and PHP script and created the custom tables in the database.
When I log in to the backend I can open this page and use the form. If I am not logged in, I cannot see the page. This is exactly what I want, but I am concerned that there may be a loophole somewhere.
Comments from anyone who can see a problem (or a better way) would be welcome.