[FX.php List] How to avoid URL counterfeiting
Vision Computer Consulting
info at visioncomputerconsulting.com
Thu Jun 28 08:18:24 MDT 2007
I use this for shopping cart id, but could be used for a random number.
$cart_id = md5(uniqid(rand()));
On Jun 28, 2007, at 5:09 AM, Jonathan Schwartz wrote:
> One of the methods I use...create a unique random ID for each
> record that can not be reasonably guessed:
> XXXXXXXX-XXXXXXXX.
>
> I use this formula to generate the id: left(random*1000000,8) &
> "-"& left(random*1000000,8)
>
> Unlike recid, which is sequential and easily guessed, this long ID
> prevents easy counterfeiting. While this is not foolproof, it's a
> good start.
>
> HTH,
>
> Jonathan
>
>> Hi guys -
>>
>> excellent breadth of knowledge here I have to say ! - but a lot of
>> archive material to get through !
>>
>> I am forced sometimes to use header : Location:
>> filename.php?salesId=$salesId&conID=$conID - but an inquisitive user
>> (or a malicious one) may of course swap out the ids - what's the best
>> method of not allowing this to happen ? - I will log them out of
>> course if they try this :-)
>>
>> I am thinking about setting session variables and comparing them to
>> the request variables, but is the correct method ?
>>
>> William
>> --
>> To see victory only when it is within the ken of the common herd is
>> not the acme of excellence.
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> --
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> FileMaker 8 Certified Developer
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
More information about the FX.php_List
mailing list