homepage Welcome to WebmasterWorld Guest from 54.167.174.90
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
IDs in Urls
Pico_Train

5+ Year Member



 
Msg#: 4361879 posted 12:10 pm on Sep 13, 2011 (gmt 0)

Hi there,

I'm doing a project where I need to have certain IDs in the GET parameters of the URL. Things like user id, song id and profile id.

Should I hash these in your opinion?

Thanks

 

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4361879 posted 1:33 pm on Sep 13, 2011 (gmt 0)

If it's possible for another user to fake the (user/song/profile) IDs and gain access to information they shouldn't have access to or do anything they wouldn't ordinarily be able to do then I think yes, they should be hashed.

Pico_Train

5+ Year Member



 
Msg#: 4361879 posted 1:44 pm on Sep 13, 2011 (gmt 0)

Ok. Well they have to be logged to get there if not the system throws them another page. That good enough?

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4361879 posted 4:08 pm on Sep 13, 2011 (gmt 0)

Good enough for me or good enough for you? :)

If you are controlling what they can access based on their login then I wouldn't have thought it mattered if IDs were blatant in the URL, providing they don't give away anything personal.

However, if a logged in user can still access information they shouldn't by manipulating the URL then you would need to do something about it IMO.

Pico_Train

5+ Year Member



 
Msg#: 4361879 posted 11:38 am on Sep 14, 2011 (gmt 0)

ok cool, thanks for the guidance...again!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved