Approach with possible security issues

[Stuart Taylor]

Hello,

I have a little idea, thought i would post it as it has possible security issues and i think i have worked out how to avoid them but here goes.

I have an invoice database that can get quite complex when it comes to taxes. ... so whats new!

I have a little idea to try and avoid having to update my file each time these tax rules change ... to make things more interesting it also has to handle multiple taxation for multiple countries.

Here is Example 1:

The item is sold for £1000

Taxable amount = £1000

Standard tax is 17.5%

Total is £1175 inc tax

Ok so thats the standard one in the UK.

Here is Example 2

The item is sold for £1000

As the supplier is not VAT registered (the purchase price is £500), the buyer is only charged tax on the Sellers share of the sale using a scheme.

The Scheme Tax is calculated as follows:

Taxable amount = £1000 - £500 = £500

Total Tax = £87.50

Total = 1087.50 inc tax

Other countries such as the US have multiple taxation and other factors can also impact on the outcome. (so calc fields with is a bad choice here as it could mean unnessacery work and it can be avoided).

Because of this i am looking at using a table to store the taxes and their methods.

I also want a table of methods themselves and the calculations applied to this method. (the calculation will be stored in a field and the Evaluate ( ) function will be used.

This allows for new methods and method changes internationally to be imported into the database via xml on the web or a downloadable file.

so the calculation stored in the field needs to be read only. I will use very flexible custom functions to do the calcs (unless i forget something).

So how can i allow the user to import the data when they only have read only access.

Is "Run with full access privileges" the right approach?

Or is it a security risk.

If i have a seperate user admin account to do this it will get out of date very quickly as it will not be updated.

best

Stuart