Welcome to WebmasterWorld Guest from 50.16.78.128

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

IDs in Urls

   
12:10 pm on Sep 13, 2011 (gmt 0)

10+ Year Member



Hi there,

I'm doing a project where I need to have certain IDs in the GET parameters of the URL. Things like user id, song id and profile id.

Should I hash these in your opinion?

Thanks
1:33 pm on Sep 13, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



If it's possible for another user to fake the (user/song/profile) IDs and gain access to information they shouldn't have access to or do anything they wouldn't ordinarily be able to do then I think yes, they should be hashed.
1:44 pm on Sep 13, 2011 (gmt 0)

10+ Year Member



Ok. Well they have to be logged to get there if not the system throws them another page. That good enough?
4:08 pm on Sep 13, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Good enough for me or good enough for you? :)

If you are controlling what they can access based on their login then I wouldn't have thought it mattered if IDs were blatant in the URL, providing they don't give away anything personal.

However, if a logged in user can still access information they shouldn't by manipulating the URL then you would need to do something about it IMO.
11:38 am on Sep 14, 2011 (gmt 0)

10+ Year Member



ok cool, thanks for the guidance...again!
 

Featured Threads

Hot Threads This Week

Hot Threads This Month