Posted by Gordon Burditt on 10/16/04 11:45

>I want to delete a record from my db with a php script. Let's say I'm auth'd
>and I want to delete the record id 440. With a simple form (get or post), I
>send the id to my script and delete the record (DELETE FROM table WHERE
>id=some_validated_input).
>
>The problem is if I'm a nasty guy I just write my own form and delete any
>record I want (since I'm auth'd) by just sending another id.

Validate they have the authority to delete the record they want
to delete *AT THE TIME OF THE SUBMIT*.

>Is there any way to make arbitrary record deletion non-trivial in php? I'm
>thinking about a hash function to replace the real db id (DELETE FROM table
>WHERE record_hash=validated_form_hash),

You still need to validate that they have the authority to delete the
record *AT THE TIME OF THE SUBMIT*. The owner of the record may have
changed. The person deleting the record may have had the authority
to delete the record yesterday, but he was fired today, or his membership
expired.

>if possible without adding an
>awfull lot of server side computation.

Add a lot of server-side computation. You had to decide if he had the
authority to delete the record when the form was sent to the user. It can't
be that hard.

Gordon L. Burditt

[Back to original message]