Hi,
I am trying to secure access to some of our content.
Case:
1. User reads our content and completes the feedback form. 2. A file is saved in our "Feedback" database for each form that is submitted.
Security:
- Let anonymous users WRITE to the DB using the web form - Do not allow unauthenticated users to READ comments.
Solution so far to avoid making user/password known:
1. Save feedback in an unsecured DB. 2. Redirect to function that moves the feedback file to a secured DB.
Issue:
- Security seems to limit access to files when they are addressed as db:open(DB, path). - All functions that grab data, crunch the data and display it in an HTML table seem to remain available to everyone.
Questions:
- Instead of securing the DB, we were thinking of securing the functions: Open access to 'submit-comment' for all users, require authentication for all other functions. Is this possible, if so can you point me to useful documentation? - Do you have any other suggestion?