Posted by Rik on 01/29/07 18:39
Don Freeman <freemand@sonic.net> wrote:
>> Users of this web site can register and create their own profile. Each
>> user can also register their diary entries. Here is the problem:
>> index.php?mode=diary&id=1, a user can hack this URL to get access to
>> another user's diary -> then the user could modify the diary of another
>> user, which is something I want to avoid.
>
> Have you tried using POST instead of GET? That way you don't put the passed
> variables in the URL.
That would only give a false sense of security, it's just as unsafe.
-- 
Rik Wasmus
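
Added example, not part of the original thread: a server-side ownership check for the diary URL discussed above, which treats a GET parameter and a POST field identically because both are client-controlled. The table and column names (`diary`, `user_id`, `body`), the function names, and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Added example. Table/column names and function names are assumptions.

function diary_id(array $input): ?int
{
    // GET and POST values are equally client-controlled; validate either way.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_owned_diary(PDO $db, array $input, int $sessionUserId): ?array
{
    if (($id = diary_id($input)) === null) {
        return null;
    }
    // The owner check is part of the query, so another user's entry
    // looks the same as an entry that does not exist.
    $stmt = $db->prepare('SELECT id, body FROM diary WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $id, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function update_owned_diary(PDO $db, array $input, int $sessionUserId): bool
{
    if (($id = diary_id($input)) === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE diary SET body = :body WHERE id = :id AND user_id = :uid');
    $stmt->execute([':body' => (string)($input['body'] ?? ''),
                    ':id' => $id, ':uid' => $sessionUserId]);
    return $stmt->rowCount() === 1; // zero rows: no such entry for this user
}

// Constructed demo data (in-memory SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE diary (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');
$db->exec("INSERT INTO diary VALUES (1, 10, 'first user entry'), (2, 20, 'second user entry')");

$sessionUserId = 20; // on the real page: set in $_SESSION at login, never read from the request

$asGet  = ['mode' => 'diary', 'id' => '1'];   // stands in for $_GET; id 1 belongs to user 10
$asPost = ['id' => '1', 'body' => 'changed']; // stands in for $_POST; same tampered id

var_dump(find_owned_diary($db, $asGet, $sessionUserId));
var_dump(update_owned_diary($db, $asPost, $sessionUserId));
var_dump(update_owned_diary($db, ['id' => '2', 'body' => 'changed'], $sessionUserId));
```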