Welcome to WebmasterWorld Guest from 188.8.131.52 , register , free tools , login , search , subscribe , help , library , announcements , recent posts , open posts Subscribe to WebmasterWorld
IDs in Urls Pico_Train msg:4361881 12:10 pm on Sep 13, 2011 (gmt 0) Hi there, I'm doing a project where I need to have certain IDs in the GET parameters of the URL. Things like user id, song id and profile id. Should I hash these in your opinion? Thanks
penders msg:4361920 1:33 pm on Sep 13, 2011 (gmt 0)
If it's possible for another user to fake the (user/song/profile) IDs and gain access to information they shouldn't have access to or do anything they wouldn't ordinarily be able to do then I think yes, they should be hashed. Pico_Train msg:4361924 1:44 pm on Sep 13, 2011 (gmt 0)
Ok. Well they have to be logged to get there if not the system throws them another page. That good enough? penders msg:4361997 4:08 pm on Sep 13, 2011 (gmt 0)
Good enough for me or good enough for you? :) If you are controlling what they can access based on their login then I wouldn't have thought it mattered if IDs were blatant in the URL, providing they don't give away anything personal. However, if a logged in user can still access information they shouldn't by manipulating the URL then you would need to do something about it IMO. Pico_Train msg:4362329 11:38 am on Sep 14, 2011 (gmt 0)
ok cool, thanks for the guidance...again!