This feature has a very limited usage outside the Reader Management, because there is not (or at least I don't know of) a corresponding value for the view.php3.
(~FRE: Add slice reading password parameter to view.php3)
Difference between revisions of "Permission system - Users, Groups, Roles"
From ActionApps Documentation
(→Protecting slice data against an unathorized read access) |
(→Protecting slice data against an unathorized read access) |
||
| Line 9: | Line 9: | ||
<div id="usernotes"><div class="note"><strong>--[[User:Marek|Marek]] 25 August 2005 19:35 (CEST)</strong><div class="text"> | <div id="usernotes"><div class="note"><strong>--[[User:Marek|Marek]] 25 August 2005 19:35 (CEST)</strong><div class="text"> | ||
This feature has a very limited usage outside the [[Term#Reader management|Reader Management]], because there is not (or at least I don't know of) a corresponding value for the <code>view.php3</code>. | This feature has a very limited usage outside the [[Term#Reader management|Reader Management]], because there is not (or at least I don't know of) a corresponding value for the <code>view.php3</code>. | ||
| − | (~FRE: Add | + | |
| + | (~FRE: Add slice reading password parameter to view.php3) | ||
</div></div></div> | </div></div></div> | ||
''Note on the implementation: the password is checked in the <code>GetItemContent()</code> function. For AA control panel pages (Item Manager and Item Edit), the function <code>FetchSliceReadingPassword()</code> is used.'' | ''Note on the implementation: the password is checked in the <code>GetItemContent()</code> function. For AA control panel pages (Item Manager and Item Edit), the function <code>FetchSliceReadingPassword()</code> is used.'' | ||
Revision as of 19:39, 25 August 2005
Protecting slice data against an unathorized read access
Protecting sensitive data against reading
With the concept of Reader management slices introduced it is important that some data are not accessible for reading. This is achieved by setting a reading password for slices containing sensitive data. If you fill the field "Reading Password" in Slice Settings, you must always sent this password as a parameter slice_pwd. This may be done by adding this parameter to SSI includes like
<!--#include virtual="/aa/slice.php3?slice_pwd=the_password&slice_id=xy...."-->
If somebody tries to fetch read-protected data without the correct password, all fields are filled with an error message.
If you are interested, the password is prooved in the GetItemContent() function. For AA control panel pages (Item Manager and Item Edit), the function FetchSliceReadingPassword() is used.
It has to be said that ActionApps is primarily focused on making the content easy to publishing, share, exchange and distribute. As such, there has been a very low presure on introducing functionalities for protecting the data against unathorized access.
Probably the only exception to this is the special type odf slice called Reader Management slice, which stores user's password and other personal data (which can be the case with any slice). In this case it is important that some data are not accessible for reading. This is achieved by setting a reading password for slices containing sensitive data. If you fill the field "Reading Password" in Slice Settings, you must always sent this password as a parameter slice_pwd. This may be done by adding this parameter to SSI includes like
<!--#include virtual="/aa/slice.php3?slice_pwd=the_password&slice_id=xy...."-->
If somebody tries to fetch read-protected data without the correct password, all fields are filled with an error message.
--Marek 25 August 2005 19:35 (CEST)
Note on the implementation: the password is checked in the GetItemContent() function. For AA control panel pages (Item Manager and Item Edit), the function FetchSliceReadingPassword() is used.
