Posted by dino d. on 03/11/07 21:29
>
> But the question begs - why worry about exposing the id? It's only an
> identifier to a row, and should not have any meaning of its own. If
> you're trying to obscure it for security reasons, it won't work.
> Obscurity is no security. Rather you need to have other means of
> verifying if this person is authorized to edit the row.
>
ok, sorry for the top posting, by "top posting" you mean writing your
reply at the top, right? back to the question - i don't want to give
the user an opportunity to monkey around with the html somehow, and
send back a bogus response via a POST variable. I want to ensure 2
things- first, that the person is authorized to edit this row, and
second, that this is the row that he or she is authorized to edit. It
sounds like sessions are the way to go with some kind of encryption.
Is that the generally accepted way of doing this?
Thanks again,
Dino
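
An added example, not part of the original post: one way to enforce on the server both checks asked about above, with the user id kept in server-side session state, the ownership test placed in the UPDATE itself, and the row id in the form bound to the session with an HMAC (an integrity tag, used here in place of encryption). Python with sqlite3 is an assumption, since the thread names no language, and the `notes` table, `new_session`, `row_token` and `handle_edit` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample data: two users, each owning one row.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
db.executemany("INSERT INTO notes VALUES (?, ?, ?)",
               [(1, 100, "alice's note"), (2, 200, "bob's note")])


def new_session(user_id):
    """Server-side session state; the browser only holds an opaque session cookie."""
    return {"user_id": user_id, "form_key": secrets.token_bytes(32)}


def row_token(session, row_id):
    """HMAC binding a row id to this session, sent as a hidden field in the edit form."""
    return hmac.new(session["form_key"], str(row_id).encode(), hashlib.sha256).hexdigest()


def handle_edit(session, post):
    """Process an edit POST. Every value in `post` is untrusted client input."""
    try:
        row_id = int(post["id"])
    except (KeyError, ValueError):
        return "bad request"
    # Check 2: the id is the one this session's form was rendered for.
    expected = row_token(session, row_id).encode()
    supplied = str(post.get("token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return "tampered"
    # Check 1: authorization is enforced by the query itself, so even an id
    # with a valid token cannot touch a row owned by someone else.
    cur = db.execute("UPDATE notes SET body = ? WHERE id = ? AND owner_id = ?",
                     (str(post.get("body", "")), row_id, session["user_id"]))
    db.commit()
    return "ok" if cur.rowcount == 1 else "forbidden"
```

The ownership clause in the UPDATE is the control that matters; the token only detects a form whose hidden id was changed before submission.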