Posted by Jerry Stuckle on 03/11/07 18:31
dino d. wrote:
> On Mar 9, 10:46 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> dino d. wrote:
>>> hi everyone- my subject pretty much says it all- is there a secure way
>>> to do this? the non-secure ways are, as i understand it, to populate
>>> a listbox with indices as names, or maybe use a hidden control. is the
>>> only secure way with sessions? i was also thinking about perhaps
>>> creating a meta table that says who is editing which record right
>>> now. any advice?
>>> thanks,
>>> dino
>> Define "Editing a MySQL record".
>>
>> What happens if the user brings up an edit form then shuts off the
>> computer, for instance?
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================
>
>
> i'm really mostly concerned about how to pass the record id of the
> edited record on post without exposing the record ID to the html
> source. thanks for any help.
>
> dino
>
>
(Top posting fixed)

Lots of ways. As Iván suggested, use a session variable. A hash doesn't
work (not reversible), but you could also append a hidden string (known
only to you) and encrypt it.

But the question begs - why worry about exposing the id? It's only an
identifier to a row, and should not have any meaning of its own. If
you're trying to obscure it for security reasons, it won't work.
Obscurity is no security. Rather you need to have other means of
verifying if this person is authorized to edit the row.

P.S. Please don't top post. Thanks.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
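
Added example, not part of the original post or written by its author: a minimal sketch of the two points above, keeping the record id in a server-side session and checking authorization on every save, so a posted id the user does not own changes nothing. The `records` table, its `owner_id` column, the function names, the dict used as the session, and sqlite3 standing in for MySQL are all assumptions made so the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL here.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records "
               "(id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)",
                   [(1, 100, "alice's note"), (2, 200, "bob's note")])
    return db

def may_edit(db, user_id, record_id):
    """Authorization is decided server-side, from the database."""
    row = db.execute("SELECT 1 FROM records WHERE id = ? AND owner_id = ?",
                     (record_id, user_id)).fetchone()
    return row is not None

def begin_edit(db, session, record_id):
    """Render the edit form: remember the id in the server-side session."""
    if not may_edit(db, session["user_id"], record_id):
        return False
    session["editing_id"] = record_id  # stays on the server, not in the HTML
    return True

def save_edit(db, session, new_body, posted_id=None):
    """Handle the POST. The id comes from the session if set, otherwise from
    a form field. Either way the UPDATE is scoped to the logged-in user, so
    knowing or guessing another row's id grants nothing."""
    record_id = session.pop("editing_id", posted_id)
    try:
        record_id = int(record_id)
    except (TypeError, ValueError):
        return False  # missing or non-numeric id
    cur = db.execute(
        "UPDATE records SET body = ? WHERE id = ? AND owner_id = ?",
        (new_body, record_id, session["user_id"]))
    db.commit()
    return cur.rowcount == 1  # 0 rows means not found or not authorized
```
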