List:General Discussion« Previous MessageNext Message »
From:Reindl Harald Date:March 10 2011 6:45pm
Subject:Re: How to protect primary key value on a web page?
View as plain text  
Am 10.03.2011 18:10, schrieb mos:

> I am building a web application that uses MySQL 5.5 with Innodb tables and I don't
> want the user to see the actual
> primary key value on the web page. The primary key could be the cust_id, bill_id etc
> and is usually auto increment.
> This primary key can appear in the url and will be used to pull up a record and
> display it on the web page.

> So I need some efficient way of 'cloaking' the real primary key so a hacker won't try
> to generate random values to
> access info he shouldn't have access to. How do most web sites handle this?

the most sites will handle this by checking permissions
security by obscurity is simple crap

if i have access to record 738 and get z39 by changing the url
your application is simply broken


Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
Thread
How to protect primary key value on a web page?mos10 Mar
  • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
    • Re: How to protect primary key value on a web page?mos10 Mar
      • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
        • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
          • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
      • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
      • Re: How to protect primary key value on a web page?Mark Kelly10 Mar
  • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
    • Re: How to protect primary key value on a web page?Mike Diehl10 Mar
  • Re: How to protect primary key value on a web page?MySQL)10 Mar