Editor > Selected columns only : Security sufficient to protect against tampering?

andrewmoir Posts: 1 Questions: 1 Answers: 0

Dear All,

I want the customer to only be allowed to edit columns : First name, Last name, Salary in the following example :

https://editor.datatables.net/examples/inline-editing/columns.html

This is done in this manner : { data: 'first_name', className: 'editable' },

Is this secure against abuse? Can someone abuse this to allow them to edit say another column ("Position")?

Shouldn't I be trying to prevent any acceptance or validation on the "Position" column in the server side script? ( Field::inst( 'position' ), )

Or is the javascript alone sufficient?

Kind regards Andrew

Answers

  • allan Posts: 63,210 Questions: 1 Answers: 10,415 Site admin
    Answer ✓

    Hi Andrew,

    The Field::inst() is by default read / write. Use:

    Field::inst( 'position' )->set(false)
    

    to disallow writing to it.

    Allan
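The point of the answer is that `className: 'editable'` in the JavaScript column definition only controls which cells the browser offers for inline editing; a client can submit any field name it likes, so the server script is the control that matters. The following is an added example (written for this page, not code from the thread or from the DataTables project) of a complete Editor PHP server script in which the three customer-editable columns are writable and `position` is read-only via `set(false)`. It assumes a standard Editor PHP install where `lib/DataTables.php` provides `$db`, a table named `datatables_demo` with the columns shown, and Editor 1.5 or later for the `Validate::...()` helpers.

```php
<?php
// Added example, not from the forum post or the DataTables project.
// Assumptions: lib/DataTables.php supplies $db; table `datatables_demo`
// has columns first_name, last_name, salary, position (constructed setup).
include( "lib/DataTables.php" );

use
    DataTables\Editor,
    DataTables\Editor\Field,
    DataTables\Editor\Validate;

Editor::inst( $db, 'datatables_demo' )
    ->fields(
        // Writable fields: the only columns the customer is allowed to change.
        // Validators run on the server, so a tampered request cannot skip them.
        Field::inst( 'first_name' )
            ->validator( Validate::notEmpty() ),
        Field::inst( 'last_name' )
            ->validator( Validate::notEmpty() ),
        Field::inst( 'salary' )
            ->validator( Validate::numeric() ),

        // Read-only on the server: the value is still read from the database
        // and returned to the table for display (get stays at its default of
        // true), but any 'position' value present in a create or edit request
        // is ignored, whatever the browser-side column config permits.
        Field::inst( 'position' )->set( false )
    )
    ->process( $_POST )
    ->json();
```

The client-side `columns` configuration from the linked example stays as it is; its `className: 'editable'` is purely a usability setting. The server script is where the column list is enforced, so any column the customer must not change gets `set(false)` here rather than relying on it being omitted from the JavaScript.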
