[FX.php List] How to avoid URL counterfeiting
Jonathan Schwartz
jonathan at exit445.com
Thu Jun 28 06:09:26 MDT 2007
One of the methods I use is to create a unique random ID for each record
that cannot be reasonably guessed, in the form:
XXXXXXXX-XXXXXXXX
I use this formula to generate the ID: left(random*1000000, 8) & "-" &
left(random*1000000, 8)
Unlike recid, which is sequential and easily guessed, this long ID
prevents easy counterfeiting. While this is not foolproof, it's a
good start.
HTH,
Jonathan
>Hi guys -
>
>excellent breadth of knowledge here I have to say ! - but a lot of
>archive material to get through !
>
>I am forced sometimes to use header: Location:
>filename.php?salesId=$salesId&conID=$conID - but an inquisitive user
>(or a malicious one) may of course swap out the IDs - what's the best
>method of not allowing this to happen? - I will log them out of
>course if they try this :-)
>
>I am thinking about setting session variables and comparing them to
>the request variables, but is that the correct method?
>
>William
>--
>To see victory only when it is within the ken of the common herd is
>not the acme of excellence.
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852
FileMaker 8 Certified Developer
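The two ideas in this thread are complementary: an identifier that cannot be guessed (Jonathan's random ID) and a server-side check that the logged-in user actually owns the record named in the URL (William's session comparison). The PHP below is an added example, not code from either poster or from FX.php, and it assumes PHP 7.1 or later. The record-to-owner table, the user names and the field names salesId/user are constructed sample data standing in for whatever lookup the real application does. It deliberately draws the token from the operating system's CSPRNG (random_bytes) rather than a general-purpose Random function, because "cannot be reasonably guessed" depends on the entropy of the source, not on the length of the string.

```php
<?php
// Added example (not from the original posts): two defences against a user
// swapping the IDs in ?salesId=...&conID=...  Assumes PHP 7.1+.
declare(strict_types=1);

// 1. Unguessable public identifier.  16 bytes (128 bits) from the OS CSPRNG,
//    hex-encoded and split into the XXXXXXXX-XXXXXXXX shape used in the post,
//    so a sequential recid never has to appear in a URL.
function newRecordToken(): string
{
    $hex = bin2hex(random_bytes(16));           // 32 hex characters
    return substr($hex, 0, 16) . '-' . substr($hex, 16);
}

// Reject anything that is not exactly the expected shape before it reaches a
// query, so stray characters never travel on to FileMaker/SQL.
function isValidRecordToken(string $token): bool
{
    return preg_match('/\A[0-9a-f]{16}-[0-9a-f]{16}\z/', $token) === 1;
}

// 2. Object-level authorization.  Even a guessable ID is harmless when the
//    server verifies that the record belongs to the authenticated user.
//    Constructed sample data: maps a salesId to the user who owns it.  In a
//    real application this is a lookup in the database (hypothetical names).
const SALES_OWNERS = [
    '1001' => 'alice',
    '1002' => 'bob',
];

function ownerOfSale(string $salesId): ?string
{
    return SALES_OWNERS[$salesId] ?? null;
}

// $session stands in for $_SESSION (server side, not under the user's
// control); $request stands in for $_GET (entirely under the user's control).
// The decision is made by comparing the two, as William suggested: the
// request may *name* a record, but only the session says who is asking.
function authorizeSaleRequest(array $session, array $request): bool
{
    $user    = $session['user']    ?? null;
    $salesId = $request['salesId'] ?? null;
    if (!is_string($user) || !is_string($salesId)) {
        return false;                           // not logged in or no ID given
    }
    $owner = ownerOfSale($salesId);
    return $owner !== null && hash_equals($owner, $user);
}

// Stand-alone run: exercise both defences with the constructed data.
$token = newRecordToken();
echo "new token: {$token}\n";
echo 'token shape ok: ', isValidRecordToken($token) ? 'yes' : 'no', "\n";
echo 'legacy shape 12345678-12345678 accepted: ',
     isValidRecordToken('12345678-12345678') ? 'yes' : 'no', "\n";

$session = ['user' => 'alice'];
foreach (['1001', '1002', '9999'] as $requestedId) {
    $allowed = authorizeSaleRequest($session, ['salesId' => $requestedId]);
    echo "alice requesting salesId={$requestedId}: ",
         $allowed ? 'allowed' : 'denied (log out / error page)', "\n";
}
```

In practice the random token is stored in its own field on the record and the page finds the record by that field; the check in authorizeSaleRequest then runs on every request that names a record, not only after a redirect, because the Location header is just one of many ways the user can arrive at filename.php with a chosen salesId.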