[FX.php List] Obscuring the recid on URL links

Gjermund Gusland Thorsen ggt667 at gmail.com
Sat Aug 26 08:40:52 MDT 2006


What are your relations to Fort Know again?

On 8/26/06, Jonathan Schwartz <jonathan at eschwartz.com> wrote:
> Excellent!
>
> It looks like my made up 20 character long substitute record is the way to go.
>
> Thanks!
>
> Jonathan
>
>
> At 12:26 PM -0700 8/25/06, Joel Shapiro wrote:
> >Hey Jonathan
> >
> >I started a thread on this list on April 24 entitled "Disallowing
> >access thru modifying url?"  There were a number of great, helpful
> >responses.
> >
> >HTH,
> >-Joel
> >
> >
> >Joel Shapiro - FileMaker Pro Database Design
> >~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> >joelshapiro at jsfmp dot com
> >http://www.jsfmp.com
> >415-269-5055
> >
> >
> >On Aug 25, 2006, at 9:40 AM, Jonathan Schwartz wrote:
> >
> >>I feel that I should know this by now, but still have a question on
> >>how to create links that do not reveal recid's in URL links.
> >>
> >>I understand how to use hidden input fields to hide recids on
> >>forms. No problem there.
> >>
> >>However, on links that use URLs (list.php?recid=12345), what
> >>methods are used to not review the recid?
> >>
> >>I did try a method where I use 20 character randomly generated ID
> >>instead of the recid, and it works fine.  The 20 character ID still
> >>appears in the URTL, but with 20 characters, it represent a
> >>security risk...I think.
> >>
> >>Am I missing some basic concept or technique in this area?
> >>
> >>Thanks
> >>
> >>Jonathan
> >>
> >>--
> >>
> >>Jonathan Schwartz
> >>FileMaker 8 Certified  Developer
> >>Associate Member, FileMaker Solutions Alliance
> >>Schwartz & Company
> >>jonathan at eschwartz.com
> >>http://www.eschwartz.com
> >>http://www.exit445.com
> >>
> >>_______________________________________________
> >>FX.php_List mailing list
> >>FX.php_List at mail.iviking.org
> >>http://www.iviking.org/mailman/listinfo/fx.php_list
> >
> >_______________________________________________
> >FX.php_List mailing list
> >FX.php_List at mail.iviking.org
> >http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> --
>
> Jonathan Schwartz
> FileMaker 8 Certified  Developer
> Associate Member, FileMaker Solutions Alliance
> Schwartz & Company
> jonathan at eschwartz.com
> http://www.eschwartz.com
> http://www.exit445.com
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>


More information about the FX.php_List mailing list