[FX.php List] Generating Safe links to Database Records
Malcolm Fitzgerald
malcolm at notyourhomework.net
Wed Jan 18 17:34:13 MST 2012
On 19/01/2012, at 10:21 AM, Tim 'Webko' Booth wrote:
>
> On 17/01/2012, at 11:02 AM, Malcolm Fitzgerald wrote:
>
>> This morning I was testing a routine and the results looked odd. After some head-scratching I increased the modification number on the record and got the right results. The record id returned by FX consists of the internal record ID and it's modification number. The modification number is inherently unstable.
>>
>> I want to be able to generate links to records in the database that do not rely on the modification number. How does FX handle this?
>
> To answer this question - I don't use the -recid to link to records to be viewed via the web. I have a unique web id for most accessible web databases (which is usually also the primary key I use for relationships).
>
> That key itself is some form of UUID so that simply incrementing numbers does not allow people to view other records easily - which is also a weakness in exposing the -recid, as it does follow a simple incrementation rule (with some exceptions).
Yes, that is a serious problem. In this case, all the information is for public consumption so we don't need to disguise the record id.
Malcolm
More information about the FX.php_List
mailing list