Let's say we have a 'Client' Table and we link invoices from the 'Invoices' table as a master/detail relationship.
We also have permissions setup so that the User logged in can only view/edit their own records setup for the 'Client' table but all other options untouched in the Security/Advanced page.
PHPR generates the following link when we click 'Proceed to Details' from the detail table: http://domain.com/invoices_list.php?masterkey1=8&mastertable=clients'>http://domain.com/invoices_list.php?masterkey1=8&mastertable=clients
If we take this link above and remove the query so the link looks like: http://domain.com/invoices_list.php , we can view the list of all invoices ever created for every client which now defeats the purpose of the security. Sure maybe the user won't have access to the client data but now they have access to revenue data and can figure out how much the company is making.
I understand we can hide the 'Proceed to Details' link but if somehow a user can figure out how to proceed themselves, how can we tighten the security of this section? Also if a session expires and a user logs in again, they can see all invoices since PHPR has forgotten which 'Client' is associated with invoices.
A work around would be to add a 'User' column to every table (address, phone, emails etc) and set security permissions for each one but this would limit only one person having access to the record when we might need other staff to view/edit the records.
Is there a way to disable an open query like this? Even if we were to filter only records associated with the 'Client' table, users could still edit records from the list and make a big mess.
I can understand if you can trust your staff etc for an internal app, but if you are building something public facing, has anyone thought of this and what have you done to workaround this?
need2sleep authorDevClub member