> True, but then my permission / auth / workflow schema defines all that. the > user won't like have that permission, the request will be logged and nothing > is ever deleted from the app in any case since I only allow soft (record > level flag ) deletes to ensure data integrity
I agree with Bastien here. If you can't trust your authorized users then don't authorize them to delete entries. I would also recommend some kind of access control to lower the risk of a complete data loss. Use HTTPS to prevent man in the middle attacks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
