Posted by MaXX on 11/12/80 11:45
Good Man wrote:
> MaXX <bs139412@skynet.be> wrote in
> news:e258nf$pbt$1@talisker.lacave.net:
>> The problem is if I'm a nasty guy I just write my own form and delete
>> any record I want (since I'm auth'd) by just sending another id.
> in your database, add a column called "keystring" and index it. populate
> it with 18 characters or so (write a PHP function that does this at the
> same time you enter the info in the database). So, this 'keystring' for
> record 1 might be '9jfhdsufs8ywre' while record 2 might be
> 'agsadgiwqegiqw'.
It's the idea I have, but I need to find a way to do this with an
absolutely unique "keystring" (md5*/sha1??) to avoid duplicates (may be
extremely rare, but this is the kind of bug you don't want to hunt one
day ;-) ...)
The uniqueness is not really important in this project but things can
change...
> Since the keystring is indexed, you can delete it from your DB by calling
> "DELETE FROM so_and_so WHERE Keystring='9jfhdsufs8ywre'" Chances are
> pretty damn slim that someone will be able to guess any keystring and
> therefore alter records.
[...]
[*] To my knowledge collisions can exist with md5 but avoiding md5 collisions
is a WMD vs fly in that case...
Thanks,
--
MaXX
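
An added example, not code from either poster, of the keystring scheme discussed above: the key comes from the OS CSPRNG, a UNIQUE index makes the database reject any duplicate (the insert simply retries), and the delete is also scoped to the logged-in user. The in-memory SQLite database, the `records` table, its `owner_id` column and the function names are assumptions made for illustration; PHP 7 or later is assumed for `random_bytes()`.

```php
<?php
// Added example. Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE on keystring creates the index and makes the database refuse duplicates.
$db->exec('CREATE TABLE records (
    id        INTEGER PRIMARY KEY,
    owner_id  INTEGER NOT NULL,
    keystring TEXT    NOT NULL UNIQUE,
    body      TEXT    NOT NULL
)');

// Insert a record with a fresh random keystring; retry if the UNIQUE index rejects it.
function insert_record(PDO $db, int $ownerId, string $body): string
{
    $stmt = $db->prepare(
        'INSERT INTO records (owner_id, keystring, body) VALUES (?, ?, ?)'
    );
    for ($attempt = 0; $attempt < 5; $attempt++) {
        // 16 bytes from the OS CSPRNG, hex-encoded to 32 characters.
        $key = bin2hex(random_bytes(16));
        try {
            $stmt->execute([$ownerId, $key, $body]);
            return $key;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (duplicate keystring).
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not generate a unique keystring');
}

// Delete by keystring, scoped to the logged-in user, so a hand-written form
// that names another user's record matches zero rows.
function delete_record(PDO $db, int $sessionUserId, string $key): bool
{
    $stmt = $db->prepare('DELETE FROM records WHERE keystring = ? AND owner_id = ?');
    $stmt->execute([$key, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

$k1 = insert_record($db, 1, 'record of user 1');
$k2 = insert_record($db, 2, 'record of user 2');
var_dump(delete_record($db, 1, $k2)); // user 1 submits user 2's keystring
var_dump(delete_record($db, 1, $k1)); // user 1 deletes their own record
```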