[FX.php List] Obscuring the recid on URL links

Jonathan Schwartz jonathan at eschwartz.com
Fri Aug 25 19:37:16 MDT 2006


Excellent!

It looks like my made up 20 character long substitute record is the way to go.

Thanks!

Jonathan


At 12:26 PM -0700 8/25/06, Joel Shapiro wrote:
>Hey Jonathan
>
>I started a thread on this list on April 24 entitled "Disallowing 
>access thru modifying url?"  There were a number of great, helpful 
>responses.
>
>HTH,
>-Joel
>
>
>Joel Shapiro - FileMaker Pro Database Design
>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
>joelshapiro at jsfmp dot com
>http://www.jsfmp.com
>415-269-5055
>
>
>On Aug 25, 2006, at 9:40 AM, Jonathan Schwartz wrote:
>
>>I feel that I should know this by now, but still have a question on 
>>how to create links that do not reveal recid's in URL links.
>>
>>I understand how to use hidden input fields to hide recids on 
>>forms. No problem there.
>>
>>However, on links that use URLs (list.php?recid=12345), what 
>>methods are used to not review the recid?
>>
>>I did try a method where I use 20 character randomly generated ID 
>>instead of the recid, and it works fine.  The 20 character ID still 
>>appears in the URTL, but with 20 characters, it represent a 
>>security risk...I think.
>>
>>Am I missing some basic concept or technique in this area?
>>
>>Thanks
>>
>>Jonathan
>>
>>--
>>
>>Jonathan Schwartz
>>FileMaker 8 Certified  Developer
>>Associate Member, FileMaker Solutions Alliance
>>Schwartz & Company
>>jonathan at eschwartz.com
>>http://www.eschwartz.com
>>http://www.exit445.com
>>
>>_______________________________________________
>>FX.php_List mailing list
>>FX.php_List at mail.iviking.org
>>http://www.iviking.org/mailman/listinfo/fx.php_list
>
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list


-- 

Jonathan Schwartz
FileMaker 8 Certified  Developer
Associate Member, FileMaker Solutions Alliance
Schwartz & Company
jonathan at eschwartz.com
http://www.eschwartz.com
http://www.exit445.com



More information about the FX.php_List mailing list