homepage Welcome to WebmasterWorld Guest from 174.129.103.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
IDs in Urls
Pico_Train




msg:4361881
 12:10 pm on Sep 13, 2011 (gmt 0)

Hi there,

I'm doing a project where I need to have certain IDs in the GET parameters of the URL. Things like user id, song id and profile id.

Should I hash these in your opinion?

Thanks

 

penders




msg:4361920
 1:33 pm on Sep 13, 2011 (gmt 0)

If it's possible for another user to fake the (user/song/profile) IDs and gain access to information they shouldn't have access to or do anything they wouldn't ordinarily be able to do then I think yes, they should be hashed.

Pico_Train




msg:4361924
 1:44 pm on Sep 13, 2011 (gmt 0)

Ok. Well they have to be logged to get there if not the system throws them another page. That good enough?

penders




msg:4361997
 4:08 pm on Sep 13, 2011 (gmt 0)

Good enough for me or good enough for you? :)

If you are controlling what they can access based on their login then I wouldn't have thought it mattered if IDs were blatant in the URL, providing they don't give away anything personal.

However, if a logged in user can still access information they shouldn't by manipulating the URL then you would need to do something about it IMO.

Pico_Train




msg:4362329
 11:38 am on Sep 14, 2011 (gmt 0)

ok cool, thanks for the guidance...again!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved