prevent db calls in templates (but still use dynamic data)
#1

srpurdy
Basically I'd like to figure this out. For example, phpBB uses a way to load loops of data without actually using db calls. I basically would like to remove any way to, say, delete data from a template (view), so using $this->db or any kind of db call directly would be illegal.

The system I'm working on will work with 1 application and CI2 install. Each person using the site will have access to a template they can edit, which will give them the ability to have a unique page design. My problem right now is that if someone knows PHP they could technically add a db call to delete or do whatever they want within the template. Since the system works on a central database as well, this isn't good.

I have some other security issues I'm working on to make this all good, but I haven't thought of a way around this problem. Does anyone know how this could be done?

This is sort of already a live application that I'd like to improve the features of with regards to the page layout, and this is one of them. Right now everyone is pretty limited because of security issues which would open up if I allowed some things.

Thanks
Shawn
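
One way to get phpBB-style loops without exposing PHP to template authors, as an added example that is not part of the original post: the controller runs the queries, and a hypothetical `render_user_template()` helper fills `{NAME}` placeholders and `<!-- BEGIN x -->` blocks in a template that is treated as text and never executed. The function name, the placeholder syntax and the sample data are assumptions made for the illustration.

```php
<?php
// Added example (PHP 7+). Hypothetical helper, not a CodeIgniter or phpBB API.
// The user's template is handled as plain text and never passed to
// include/eval/$this->load->view(), so PHP inside it cannot run.
function render_user_template(string $tpl, array $vars, array $blocks): string
{
    // Refuse any PHP open tag instead of trying to strip it.
    if (strpos($tpl, '<?') !== false) {
        throw new InvalidArgumentException('PHP tags are not allowed in templates');
    }
    // Escape HTML, and also braces so stored data cannot smuggle in a placeholder.
    $esc = static function ($v): string {
        return strtr(htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'),
            ['{' => '&#123;', '}' => '&#125;']);
    };
    // Substitute {PREFIXNAME} placeholders from $data; unknown names become ''.
    $fill = static function (string $text, string $prefix, array $data) use ($esc): string {
        return (string) preg_replace_callback(
            '/\{' . preg_quote($prefix, '/') . '(\w+)\}/',
            static function (array $m) use ($data, $esc): string {
                return $esc($data[$m[1]] ?? '');
            },
            $text
        );
    };
    // Expand <!-- BEGIN name --> ... <!-- END name --> once per row of $blocks[name].
    $tpl = (string) preg_replace_callback(
        '/<!-- BEGIN (\w+) -->(.*?)<!-- END \1 -->/s',
        static function (array $m) use ($blocks, $fill): string {
            $html = '';
            foreach ($blocks[$m[1]] ?? [] as $row) {
                $html .= $fill($m[2], $m[1] . '.', $row);
            }
            return $html;
        },
        $tpl
    );
    return $fill($tpl, '', $vars);
}

// Constructed sample data: the controller runs the queries and passes plain arrays.
$tpl = "<h1>{SITE_TITLE}</h1>\n<!-- BEGIN news --><p>{news.TITLE}</p>\n<!-- END news -->";
echo render_user_template($tpl, ['SITE_TITLE' => 'My page'],
    ['news' => [['TITLE' => 'Hello <b>'], ['TITLE' => '{SITE_TITLE}']]]);
```

Nested blocks are not handled here, and the HTML of the template itself is still whatever the template author wrote; only the data values are escaped.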



