Hi Everyone:

I'm building a web site where a client logs into an account
and enters transactions.  Once a transaction is entered by a 
client, the client always has access to that transaction.  
The client can attach (upload) files to a transaction.

I want a client to only see files attached to a transaction that 
the client can access.

I don't want a client to be able to see files they don't 
have access to.

A client is only shown files attached to their own transactions,
but I don't want someone sneaking around.

My Q is:

What is the best way (easy and secure) to set up the directory 
and name the files?

2 thoughts are:
1. put all the files in the same directory and name them:
   File.ttttt.xxx.doc

where ttttt is the transaction number and
      xxx is the document number for each file (001, 002, etc.)
pros: easy to manage.
cons: someone could guess a transaction and document number here that
they should not see.


2. set up a separate directory for each client and name them:
   same as in #1

pros: easy to manage.
cons: someone could guess a directory, transaction and document number here
that they should not see.

Any suggestions?

tia

Sandy
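
An added example, not part of the original post: one way to handle the guessing concern raised above is to keep the File.ttttt.xxx.doc naming but store the files outside the web root and authorize every download against the logged-in session. The storage path, the in-memory ownership table (standing in for a database lookup) and the function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumed storage root outside the web server's document root (hypothetical path).
STORAGE_ROOT = Path("/srv/app-data/attachments")

# Constructed sample data: transaction number -> owning client id.
TRANSACTION_OWNER = {"00017": "client-a", "00042": "client-b"}

# The naming scheme from the post: File.ttttt.xxx.doc
NAME_RE = re.compile(r"File\.(\d{5})\.(\d{3})\.doc")


class AccessDenied(Exception):
    """Raised for any request the logged-in client may not be served."""


def resolve_attachment(session_client_id, requested_name):
    """Return the on-disk path for requested_name, or raise AccessDenied.

    The decision uses the server-side session identity, never a client id
    taken from the URL, so guessing a valid name is not enough.
    """
    match = NAME_RE.fullmatch(requested_name)
    if match is None:
        # Rejects path separators, "..", and anything outside the scheme.
        raise AccessDenied("malformed name")
    transaction, _document = match.groups()
    owner = TRANSACTION_OWNER.get(transaction)
    # Same error for "no such transaction" and "not yours", so the response
    # does not reveal which transaction numbers exist.
    if owner is None or owner != session_client_id:
        raise AccessDenied("not found")
    return STORAGE_ROOT / owner / requested_name


def try_download(session_client_id, requested_name):
    """Hypothetical handler wrapper: returns (status, path or None)."""
    try:
        return 200, resolve_attachment(session_client_id, requested_name)
    except AccessDenied:
        return 404, None


if __name__ == "__main__":
    print(try_download("client-a", "File.00017.001.doc"))  # own file
    print(try_download("client-a", "File.00042.001.doc"))  # guessed name
```

With this layout the directory and file names no longer need to be secret, because the web server never serves them directly.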
