Design application problem: a helper or a library ?
#1

[eluser]Diantre[/eluser]
Hi there,

I have been wondering what is the best solution to my problem for a while.

I would like to create a Token component (does it exist yet ? I didn't find anything) to protect my forms and part of my sessions.

I designed a solution: some functions use sessions (form protection) and some use database (sessions' part protection).

How can I do that properly ? With a helper (5 functions: ask_token; give_token_back and ask_form_token; give_form_token_back and a check_timeout_token function) or a library (same functions as methods) ?

Thanks in advance, Diantre.

PS: sorry for my English, I am still French :P
#2

[eluser]rogierb[/eluser]
There is a solution out there: http://ellislab.com/forums/viewthread/92399/ for CSRF protection.

Besides using this library I use a unique form id on all forms.
This is done by extending the form_helper so it writes a hidden field with a unique id when calling form_open. The id is stored in the session. When saving a form a helper is called is_unique() that matches the post data to the data in the session.

And you are forgiven for being French, but only because of the awesome French baguette!
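
An added example, not part of rogierb's post and not the linked library's code, of the unique form id scheme described in post #2: a token is stored in the session when the form is rendered, written as a hidden field, and matched once on submit. The function names, the `form_token` field name, the 900-second timeout and the plain `$session` array standing in for the framework's session store are all assumptions.

```php
<?php
// Added illustration; all function names are hypothetical, not CodeIgniter's API.

const FORM_TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

// Issue a token for one rendered form and remember it server-side.
function issue_form_token(array &$session, string $form_name, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['form_tokens'][$form_name] = ['value' => $token, 'issued' => $now ?? time()];
    return $token;
}

// Hidden field to emit right after the opening <form> tag.
function form_token_field(string $token): string
{
    return '<input type="hidden" name="form_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// A submitted token must exist, be unexpired and match; it is consumed on every attempt.
function check_form_token(array &$session, string $form_name, array $post, ?int $now = null): bool
{
    $stored = $session['form_tokens'][$form_name] ?? null;
    unset($session['form_tokens'][$form_name]); // single use, so a replayed POST fails
    $sent = $post['form_token'] ?? '';
    if ($stored === null || !is_string($sent)) {
        return false;
    }
    if (($now ?? time()) - $stored['issued'] > FORM_TOKEN_TTL) {
        return false;
    }
    return hash_equals($stored['value'], $sent); // constant-time comparison
}

// Constructed demo with fixed timestamps so the three cases are reproducible.
$session = [];
$token = issue_form_token($session, 'edit_profile', 1000);
echo form_token_field($token), PHP_EOL;
var_dump(check_form_token($session, 'edit_profile', ['form_token' => $token], 1060)); // first submit
var_dump(check_form_token($session, 'edit_profile', ['form_token' => $token], 1061)); // replay
$token = issue_form_token($session, 'edit_profile', 2000);
var_dump(check_form_token($session, 'edit_profile', ['form_token' => $token], 2000 + FORM_TOKEN_TTL + 1)); // expired
```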
#3

[eluser]Diantre[/eluser]
Hi again,

Thanks for your answer.

I will use the plugin for CSRF protection (with your ID form tips) and I will develop my own component to "protect writing" some part of the site.
It is supposed to be useful in some cases if I want to make some changes on dynamic text and someone is currently changing it. It might sound confusing to you but I have a real interest in doing that.

But should I write it as a Library or as a Helper (or a Plugin) ? It confuses me a bit because I always wonder what is the best choice (not only for this development) !

Thank you for considering my posts, Diantre.

PS: there is French kiss too, but I think you would mind if I send you one :P
#4

[eluser]rogierb[/eluser]
Well I use helpers when it comes to a single function or functionality, like check_something().
Libraries I use when there is a larger functionality, that has to be divided into smaller chunks.

As for your protect writing, I use a flag on a record that indicates whether it is being edited. When in edit mode, someone else may only view it.

And yes, I think I might have heard something about French kisses. Dunno where though....;-)
#5

[eluser]Diantre[/eluser]
Okay, I get your point about helpers and libraries.

Thank you for everything !

Diantre.



