Hi,

As you know, in other languages there are password security failures, for example the 1OR1 type with escape ' " strings, etc.

I am trying to make an interactive blog where all users can post comments on each post, but only guys who know the password can create, update, delete posts, etc.

In my code, I define an admin password (a string), for example with (define admin-pass "foo")
Then, when I want to execute a protected action, like update posts, create, delete, I have an input field named a-password, and I compare the two passwords:

(if (equal? a-password admin-pass) (execute-my-code!) (printf "you cannot make this action without admin privilege"))

Is this pseudo code secure, or is it easy to "escape" the password verification and add new posts, delete, etc., without admin privilege?

Thanks in advance,
-mw
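
Added example, not part of the original post: `equal?` compares two strings as data and never parses them, so quote or OR-style input is only another wrong password. The sketch below keeps a salted digest instead of the plaintext and compares in constant time; it assumes salted SHA-256 as a stand-in for a real password KDF, and all helper names are hypothetical.

```racket
#lang racket/base
;; Added example: every name except admin's sample password "foo" is hypothetical.
(require racket/random) ; crypto-random-bytes

;; Assumption: salted SHA-256 stands in for a proper password KDF
;; (PBKDF2, scrypt, Argon2), which needs an extra library.
(define (digest salt password)
  (sha256-bytes (bytes-append salt (string->bytes/utf-8 password))))

;; Compare two byte strings without stopping at the first differing byte,
;; so response time does not reveal how much of the digest matched.
(define (bytes=?/constant-time a b)
  (and (= (bytes-length a) (bytes-length b))
       (zero? (for/fold ([acc 0])
                        ([x (in-bytes a)] [y (in-bytes b)])
                (bitwise-ior acc (bitwise-xor x y))))))

;; Run once at setup time; store only the salt and digest, not the password.
(define (make-verifier password)
  (define salt (crypto-random-bytes 16))
  (cons salt (digest salt password)))

;; The candidate is hashed and compared as bytes; it is never evaluated,
;; parsed, or spliced into another expression.
(define (check-password verifier candidate)
  (bytes=?/constant-time (cdr verifier)
                         (digest (car verifier) candidate)))

(define verifier (make-verifier "foo")) ; sample password from the post

;; Constructed inputs: the right password, a wrong one, and quote/OR-style strings.
(for ([candidate (list "foo" "bar" "' OR '1'='1" "\" OR 1=1 --" "foo\" \"")])
  (printf "~s -> ~a\n"
          candidate
          (if (check-password verifier candidate) "accepted" "rejected")))
```

Only the first input is accepted; the check itself does nothing about brute-force guessing or about the password travelling over an unencrypted connection.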