gdp
Hi...
I have to allow access for administrators to sections of my website which
contain sensitive data. There is a link on the homepage called "Admin
Login". They are asked for a PIN number, which is a random four-letter,
four-number combo, and if they get that correct they then have to enter
their personal username and password.
The text field inputs are cleaned before being used to make up dynamic SQL
by replacing all apostrophes with the below function
function clean(clean_this)
    clean = trim(replace(clean_this, "'", "''"))
end function
Is this all safe? I am slightly uneasy about having the login on the
website; it could be hidden in a special link only given to admins, but
this is the same mechanism that eBay and Amazon etc. rely on to let people
log in.
Could somebody please advise me of any dangers of this approach
thanks
gdp
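As an added example (this is not from the original post or its poster): the escaping function above mirrored in Python and run against an in-memory SQLite table, to show where doubling apostrophes holds up (a value spliced into a quoted string literal) and where it does nothing at all (a value spliced into the SQL outside any quotes), next to a parameterised query that keeps the value out of the SQL text entirely. The table name, column names, admin rows and attack strings are all constructed for the demo.

```python
import sqlite3


def clean(clean_this: str) -> str:
    """Python mirror of the poster's VBScript clean(): trim, then double apostrophes."""
    return clean_this.strip().replace("'", "''")


def make_db() -> sqlite3.Connection:
    """Constructed demo table; the schema and rows are assumptions for this example."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    con.executemany(
        "INSERT INTO admins (id, username, password) VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return con


def login_concat(con: sqlite3.Connection, username: str, password: str) -> list:
    """Dynamic SQL built the way the post describes.

    Both values land inside single-quoted string literals, so doubling the
    apostrophe keeps an attacker from closing the literal: the classic
    ' OR '1'='1 payload is compared as a literal string and matches nothing.
    """
    sql = (
        "SELECT id FROM admins WHERE username = '" + clean(username)
        + "' AND password = '" + clean(password) + "'"
    )
    return [row[0] for row in con.execute(sql)]


def lookup_by_id_concat(con: sqlite3.Connection, admin_id: str) -> list:
    """Same cleaning, but the value is spliced into a numeric context.

    There are no quotes to escape out of, so clean() changes nothing and the
    input is parsed as SQL: "0 OR 1=1" returns every admin row.
    """
    sql = "SELECT id FROM admins WHERE id = " + clean(admin_id)
    return sorted(row[0] for row in con.execute(sql))


def lookup_by_id_param(con: sqlite3.Connection, admin_id) -> list:
    """Parameterised form: the driver binds the value separately from the SQL.

    The attack string is just a value compared against the id column, so it
    matches nothing; no escaping function is needed at all.
    """
    rows = con.execute("SELECT id FROM admins WHERE id = ?", (admin_id,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("valid login:", login_concat(db, "alice", "s3cret"))
    print("quoted-context injection:", login_concat(db, "alice", "' OR '1'='1"))
    print("numeric-context injection:", lookup_by_id_concat(db, "0 OR 1=1"))
    print("parameterised, same payload:", lookup_by_id_param(db, "0 OR 1=1"))
```

The point for the classic ASP code in the post: `clean()` is only a defence for values that end up between single quotes, and only on a database that escapes apostrophes by doubling them; any value concatenated into a numeric comparison, an `ORDER BY`, or a table or column name is still live SQL. The ADO equivalent of the parameterised query above is an `ADODB.Command` with `CreateParameter`, which sends the value to the database separately from the statement text.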