Relational databases are powerful beasts. Rightly so, they've replaced hierarchical databases for most types of data, directories being the notable exception. But things go wrong when someone who doesn't know jack squat about them is in charge. You'd like an example? Well, it just so happens that I have one. How convenient.
Head on over to americastestkitchen.com and take a look. See if you can find the error before you finish reading this post. Go ahead, I'll wait. Be careful if you sign up for an account as they'll seriously spam your email address. Make sure you uncheck the box that says "send me tons of crap", or whatever it was. Rotten liars. You know, they never did respond to my scathing email.
Anyway, their gimmick is simple. Recipes from the current episode are online, but previous episodes are only for subscribers to Cook's Illustrated magazine. Fair enough. How's it accomplished? Very poorly. A typical URL looks like this (trimmed for brevity): "/recipe.asp?recipeids=26&iSeason=6". The current season is 6, so any link to, say, "Season=4" will give you a "please pay us $$$ to access this content" message. Think about that for a second. What's to keep you from changing "4" to "6"? I'll tell you. Absolutely nothing. Try it out and you'll see.
The proper way to do this is to use a relational database (getting back to our topic) to link RecipeId #26 to Season #6, so the server looks the season up itself instead of taking it from the URL. Since a recipe would only be in one season, you'd actually just need a single column added to the table. It doesn't get any simpler than that, and it would prevent unauthorized access.
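Here is the difference between the two checks, as an added example that is not the site's code. It uses Python with an in-memory SQLite table; the table layout, function names and sample rows are assumptions made up for illustration, and only the season number 6 and recipe id 26 come from the URL above.

```python
import sqlite3

CURRENT_SEASON = 6  # per the post, season 6 is the free one


def make_db():
    """Constructed sample data: recipe 26 is season 6, recipe 11 is season 4."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE recipes (recipe_id INTEGER PRIMARY KEY, "
               "title TEXT NOT NULL, season INTEGER NOT NULL)")
    db.executemany("INSERT INTO recipes VALUES (?, ?, ?)",
                   [(26, "Sample current recipe", 6),
                    (11, "Sample archive recipe", 4)])
    return db


def allowed_trusting_url(recipe_id, season_param, is_subscriber):
    """Flawed pattern: the decision rests on the season in the query string.

    recipe_id is never consulted, so the check says nothing about the
    recipe that will actually be served.
    """
    return is_subscriber or int(season_param) == CURRENT_SEASON


def allowed_from_db(db, recipe_id, season_param, is_subscriber):
    """Hardened: season_param is ignored; the season comes from the recipe row."""
    row = db.execute("SELECT season FROM recipes WHERE recipe_id = ?",
                     (int(recipe_id),)).fetchone()
    if row is None:
        return False  # unknown recipe: deny rather than guess
    return is_subscriber or row[0] == CURRENT_SEASON


if __name__ == "__main__":
    db = make_db()
    # Non-subscriber request for archive recipe 11 carrying season value "6".
    print("URL-trusting check allows:", allowed_trusting_url("11", "6", False))
    print("Database-backed check allows:", allowed_from_db(db, "11", "6", False))
```

With the season stored on the recipe row, the iSeason parameter can be dropped from the URL entirely, since nothing on the server needs it.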
Well, until the incompetent webmasters over at America's Test Kitchen catch wind of this blog, you may want to scoop up all their recipes. Considering the popularity of my site, I wouldn't worry about hurrying.