[FX.php List] Disallowing access thru modifying url?
hal at macfl.com
Wed Apr 26 09:03:22 MDT 2006
On Apr 24, 2006, at 1:28 PM, Joel Shapiro wrote:
> What ways are there to limit record access to *only* clicked-on links?
> When I get a list of records, clicking on any one of them links to
> their respective url, e.g.:
You might be able to deal with this in the same way some credit card
companies generate temporary credit card numbers for online purchases.
While generating the page for the user, add records to a
RecordsRequest table which act as an alias to the real record like so:
- When they click on the link, it would find the RecordsRequest
where it could find the real record id and then go on to find the
record of interest.
- If you made the recreq big enough it would be hard to guess one
that existed. Generating it could be as easy as choosing a random
single digit number/letter and appending twenty of them or so. Just
make sure the generated number doesn't already exist.
- You could also add a RecordsRequest expiration timestamp. After a
certain amount of time old RecordsRequest could be deleted.
Does this make sense? It would add a layer of complexity, but not too
Hal Gumbert <hal at macfl.com> or <hal at mac.com>
- FileMaker 7 Certified Developer & FileMaker 8 Certified Developer
- Apple Certified ACTC 10.1, ACHDS 10.3, ACHDS 10.4
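
The alias scheme described in the message above, sketched in PHP as an added example (not code from the original post or from FX.php). Assumptions: an in-memory array stands in for the RecordsRequest table, the class, method and `detail.php` names are hypothetical, and the alias is drawn from PHP's `random_bytes()` CSPRNG rather than built by appending single random characters.

```php
<?php
// Added example: an in-memory array stands in for the RecordsRequest table.
final class RecordsRequestStore
{
    private array $rows = []; // recreq => ['record_id' => ..., 'expires' => ...]

    public function __construct(private int $ttlSeconds = 900) {}

    // While generating the list page: create an alias for one real record id.
    public function issue(string $recordId, ?int $now = null): string
    {
        $now ??= time();
        do {
            // 20 bytes from the OS CSPRNG, hex-encoded to 40 characters.
            $recreq = bin2hex(random_bytes(20));
        } while (isset($this->rows[$recreq])); // must not already exist
        $this->rows[$recreq] = ['record_id' => $recordId, 'expires' => $now + $this->ttlSeconds];
        return $recreq;
    }

    // When a link is clicked: map the alias back to the real record id, or null.
    public function resolve(string $recreq, ?int $now = null): ?string
    {
        $now ??= time();
        if (preg_match('/\A[0-9a-f]{40}\z/', $recreq) !== 1) {
            return null; // malformed input never reaches the lookup
        }
        $row = $this->rows[$recreq] ?? null;
        if ($row === null || $row['expires'] <= $now) {
            unset($this->rows[$recreq]); // unknown or expired
            return null;
        }
        return $row['record_id'];
    }

    // Delete old RecordsRequest rows; returns how many were removed.
    public function purgeExpired(?int $now = null): int
    {
        $now ??= time();
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn($r) => $r['expires'] > $now);
        return $before - count($this->rows);
    }
}

// Constructed sample: record id "101", hypothetical page detail.php.
$store = new RecordsRequestStore(900);
$recreq = $store->issue('101');
echo "detail.php?recreq=$recreq\n";
var_dump($store->resolve($recreq), $store->resolve('101'));
```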