Security Issues and the GET header
Posted: Sat Dec 20, 2003 8:46 pm
Hi all,
I am currently involved in developing an e-learning site, where the users have to pay a certain amount of credit for accessing each lesson. One of the problems I am facing now is the security issues pertaining to using the GET header to transmit information between pages.
For example, let's say the query string to access a certain lesson looks like this:
http://www.elessons.php/elesson.php?pag ... lessonid=1
How do I prevent a cheating user from memorising the URL and typing it into the address bar directly?
1) Is there a way to encode the GET header before transmitting, or do I have to encode each URL by myself? (This is a solution, but I didn't foresee this problem so it means I have to change thousands of links. Bad planning on my part)
2) Is there a callback event which is called when a link is clicked? At least if there is, I could add an authentication flag to the user's session before the GET header is actually sent.
3) Is it possible to add something to the GET header directly, before or after the click on the URL is processed?
4) Or, is it possible to send a link via the POST method?
Any other solutions would be very much appreciated! Thanks!