avoiding un-secure links
Posted: Sat Apr 10, 2004 4:23 pm
Hi everybody
I'm doing articles system in PHP/MySQL that manage member's articles and viewing them in articles page. BUT i stopped around how to deal with action links (like editing/deleting member records).
Suppose in a member area for Dave's articles shows the following records :
____________________________________________
1)
Article # : art3422
Title : Top 10 leaders
Date : 11/11/2003
[Edit] [Delete]
____________________________________________
2)
Article # : art3425
Title : Best ways
Date : 12/11/2003
[Edit] [Delete]
--------------------------------------------------------------
When the member wants to edit or delete his article, the URL will looks like :
http://www.domain.com/script.php?delete=3425
I know this is very dangerous and anybody could delete others articles by simply passing random Id's !.
So is there any way to hide or encrypt the Id or some secured steps needed to be concidered in this case?
Thanks in advance
Mishal
I'm doing articles system in PHP/MySQL that manage member's articles and viewing them in articles page. BUT i stopped around how to deal with action links (like editing/deleting member records).
Suppose in a member area for Dave's articles shows the following records :
____________________________________________
1)
Article # : art3422
Title : Top 10 leaders
Date : 11/11/2003
[Edit] [Delete]
____________________________________________
2)
Article # : art3425
Title : Best ways
Date : 12/11/2003
[Edit] [Delete]
--------------------------------------------------------------
When the member wants to edit or delete his article, the URL will looks like :
http://www.domain.com/script.php?delete=3425
I know this is very dangerous and anybody could delete others articles by simply passing random Id's !.
So is there any way to hide or encrypt the Id or some secured steps needed to be concidered in this case?
Thanks in advance
Mishal