List:General Discussion« Previous MessageNext Message »
From:Reindl Harald Date:March 10 2011 8:23pm
Subject:Re: How to protect primary key value on a web page?
View as plain text  

Am 10.03.2011 21:09, schrieb mos:
> At 12:37 PM 3/10/2011, Claudio Nanni wrote:
> 
>> Hi there,
>> Yes I think its actually a pattern a few hundreds million sites solved already
> :)
> 
> Great. How did they do it? :)
> 
>> And any way to encrypt (scramble)the http get string would do. But my question is
> , are you afraid of sql injection?
> 
> I'm using parameterized queries and validating user input so SQL injection shouldn't
> be a problem.
> I just don't want to give the hacker any more useful information than necessary. 
> Let's say I have a Document_Id
> column and the url is
> www.mydocuments.com/public?docid=4
> 
> to retrieve document_id=4, I don't want someone to write a program to retrieve all of
> my public documents and
> download them. I want them to go through the user interface.
> The private documents of course need a user name and password to access them, but
> public documents do not require
> passwords.
> 
> So hashing or encrypting the id column will make the id's non-contiguous and
> impossible to guess.

sorry but this is foolish
leave the id in peace and add a colum with some checksum



Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
Thread
How to protect primary key value on a web page?mos10 Mar
  • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
    • Re: How to protect primary key value on a web page?mos10 Mar
      • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
        • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
          • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
      • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
      • Re: How to protect primary key value on a web page?Mark Kelly10 Mar
  • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
    • Re: How to protect primary key value on a web page?Mike Diehl10 Mar
  • Re: How to protect primary key value on a web page?MySQL)10 Mar