... and it's easier to do that, than to simply verify a user is who they say they are??? <G>
My point is that if you allow anyone to edit your directory, someone could go through and simply modify all your links. You'd have to sort them out, or just dump the whole validate table. Very, very time consuming and problematic.
It's just not a good idea to leave this sort of thing open.
It's much easier to handle a request to change the LinkOwner to Username.
If you validate your users, you could even allow this to be an _automatic_ process, since if a user abuses it, you know who they are.
You could also limit it to allow changes only when LinkOwner is "anonymous", or some other flag field, but that would prevent people from causing trouble.
You could also limit it to allow a LinkOwner to only have 5 or less Links, without needing to go through an Admin check, just to prevent a user from suddenly going psycho.
*NEVER*, *EVER*, *TRUST* a user!! <G> (or form input, or script input, or *ANYTHING* not coming from a logged in user with a static IP and dedicated terminal with hardware and biometric identification enabled!)
PUGDOG� Enterprises, Inc.
The best way to contact me is to NOT use Email.
Please leave a PM here.
My point is that if you allow anyone to edit your directory, someone could go through and simply modify all your links. You'd have to sort them out, or just dump the whole validate table. Very, very time consuming and problematic.
It's just not a good idea to leave this sort of thing open.
It's much easier to handle a request to change the LinkOwner to Username.
If you validate your users, you could even allow this to be an _automatic_ process, since if a user abuses it, you know who they are.
You could also limit it to allow changes only when LinkOwner is "anonymous", or some other flag field, but that would prevent people from causing trouble.
You could also limit it to allow a LinkOwner to only have 5 or less Links, without needing to go through an Admin check, just to prevent a user from suddenly going psycho.
*NEVER*, *EVER*, *TRUST* a user!! <G> (or form input, or script input, or *ANYTHING* not coming from a logged in user with a static IP and dedicated terminal with hardware and biometric identification enabled!)
PUGDOG� Enterprises, Inc.
The best way to contact me is to NOT use Email.
Please leave a PM here.
