| List: | General Discussion | « Previous MessageNext Message » | |
| From: | Reindl Harald | Date: | March 10 2011 6:45pm |
| Subject: | Re: How to protect primary key value on a web page? | ||
| View as plain text | |||
Am 10.03.2011 18:10, schrieb mos: > I am building a web application that uses MySQL 5.5 with Innodb tables and I don't > want the user to see the actual > primary key value on the web page. The primary key could be the cust_id, bill_id etc > and is usually auto increment. > This primary key can appear in the url and will be used to pull up a record and > display it on the web page. > So I need some efficient way of 'cloaking' the real primary key so a hacker won't try > to generate random values to > access info he shouldn't have access to. How do most web sites handle this? the most sites will handle this by checking permissions security by obscurity is simple crap if i have access to record 738 and get z39 by changing the url your application is simply broken Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
| Thread | ||
|---|---|---|
| • How to protect primary key value on a web page? | mos | 10 Mar |
| • Re: How to protect primary key value on a web page? | Claudio Nanni | 10 Mar |
| • Re: How to protect primary key value on a web page? | mos | 10 Mar |
| • Re: How to protect primary key value on a web page? | Reindl Harald | 10 Mar |
| • Re: How to protect primary key value on a web page? | Claudio Nanni | 10 Mar |
| • Re: How to protect primary key value on a web page? | Reindl Harald | 10 Mar |
| • Re: How to protect primary key value on a web page? | Claudio Nanni | 10 Mar |
| • Re: How to protect primary key value on a web page? | Mark Kelly | 10 Mar |
| • Re: How to protect primary key value on a web page? | Reindl Harald | 10 Mar |
| • Re: How to protect primary key value on a web page? | Mike Diehl | 10 Mar |
| • Re: How to protect primary key value on a web page? | MySQL) | 10 Mar |