Thank you very much Stut,

great points.

I didn't even think about wanting to display a list of files they have access
to. I guess I'll go with the simpler way and save myself a lot of overhead.

As I said, I've never made a site that had anything to do with money before,
this is the first time. I just wasn't sure what kinda security I need. I guess
as long as the credit card transactions are secured, I should be fine.


thanks again,
Siavash



 thinkQuoting Stut <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > is that really secure?
> > 
> > I just thought if for any reason, someone can get into my database,
> > they can't just add usernames and file ids to my table and have
> > access.
> > 
> > I thought if I md5 it, then it'll be more secured.
> > 
> > would 1 table for username-fileid really be fine?
> 
> If they get that level of access to you database then most bets are off.
> However, you are correct to a certain extent. If you one-way encrypt (if
> MD5 can be called encryption) all your data then yes it will be more
> secure, but to me that security comes at too high a cost from a
> functionality point of view. You can't, for example, get a list of the
> files a particular user has purchased.
> 
> But, as always, it's up to you and what you need for the particular
> project. If you feel you need that extra security then go for it, but be
> aware of the side-effects.
> 
> -Stut
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to