Forum Moderators: coopster & jatar k

IDs in URLs

12:10 pm on Sep 13, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 4, 2005
posts:621
votes: 0


Hi there,

I'm doing a project where I need to have certain IDs in the GET parameters of the URL. Things like user id, song id and profile id.

Should I hash these in your opinion?

Thanks
1:33 pm on Sept 13, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3123
votes: 0


If it's possible for another user to fake the (user/song/profile) IDs and gain access to information they shouldn't have access to or do anything they wouldn't ordinarily be able to do then I think yes, they should be hashed.
1:44 pm on Sept 13, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 4, 2005
posts:621
votes: 0


Ok. Well, they have to be logged in to get there; if not, the system throws them another page. That good enough?
4:08 pm on Sept 13, 2011 (gmt 0)

Senior Member

penders

joined:July 3, 2006
posts: 3123
votes: 0


Good enough for me or good enough for you? :)

If you are controlling what they can access based on their login then I wouldn't have thought it mattered if IDs were blatant in the URL, providing they don't give away anything personal.

However, if a logged-in user can still access information they shouldn't by manipulating the URL, then you would need to do something about it IMO.
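
The difference described in the post above, between requiring a login and controlling what each login can access, shown as an added example (not code from the thread). The profile data, function names, access rule and the choice of SHA-256 for the hashed ID are all assumptions made for illustration.

```python
import hashlib

# Constructed sample data (not from the thread): profile_id -> record.
PROFILES = {
    101: {"owner_id": 1, "public": True, "email": "alice@example.test"},
    102: {"owner_id": 2, "public": False, "email": "bob@example.test"},
}

class Forbidden(Exception): pass
class NotFound(Exception): pass

def require_login(session_user_id):
    if session_user_id is None:
        raise Forbidden("login required")

def may_read(session_user_id, profile):
    # Per-object rule (assumed): public profiles, or the owner's own profile.
    return profile["public"] or profile["owner_id"] == session_user_id

def get_profile_login_only(session_user_id, profile_id):
    """Login gate only: the ID in the URL alone decides what is returned."""
    require_login(session_user_id)
    return PROFILES[profile_id]

def get_profile_authorized(session_user_id, profile_id):
    """Login gate plus a check of the requested object against the session."""
    require_login(session_user_id)
    profile = PROFILES.get(profile_id)
    # Same error for "missing" and "not yours", so responses do not confirm IDs.
    if profile is None or not may_read(session_user_id, profile):
        raise NotFound("no such profile")
    return profile

def url_token(profile_id):
    """Unkeyed hash of the ID (SHA-256 assumed), used as the URL value."""
    return hashlib.sha256(str(profile_id).encode()).hexdigest()

# Token -> ID map the server needs in order to resolve hashed URLs.
TOKEN_TO_ID = {url_token(pid): pid for pid in PROFILES}

def get_profile_by_token(session_user_id, token, authorize=True):
    """Hashing changes how the URL looks; the access decision is still the check."""
    profile_id = TOKEN_TO_ID.get(token)
    if profile_id is None:
        raise NotFound("no such profile")
    getter = get_profile_authorized if authorize else get_profile_login_only
    return getter(session_user_id, profile_id)
```

With the per-object check in place, plain numeric IDs in the URL expose nothing beyond what the session is allowed to read; without it, a hashed ID still returns the record to any logged-in session that presents the token.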
11:38 am on Sept 14, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 4, 2005
posts:621
votes: 0


ok cool, thanks for the guidance...again!