Workaround for security to http://www.something.com?var=13
Posted: Fri Mar 10, 2006 3:22 pm
Hi,
I am working on the following for a property website:
- The user's control panel has an option to list all the properties they are advertising
- The user may not have uploaded an image, therefore a "Click here to upload" image is displayed which is a link to imageupload.php (upload image script).
- If the user clicks this they will be diverted to a page like the following:
http://www.something.com/property_image ... php?var=13 (the "13" is the property id)
Now I am aware that there is a security risk with GET functions, specifically doing the above using URLs.
I need a workaround... what first springs to mind is randomising and then md5'ing the property id so that the user cannot guess others - would this be a good solution?
Please help.
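
A server-side ownership check for the `imageupload.php` case described in the post, as an added example that is not part of the original post. The `properties` table, its `owner_id` column and the function names are assumptions, and the in-memory SQLite data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite standing in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
$db->exec('INSERT INTO properties (id, owner_id) VALUES (13, 1), (14, 2)');

/**
 * Return true only if property $rawId exists and belongs to $userId.
 * $rawId is the untrusted ?var= value; $userId must come from the server-side session.
 */
function userOwnsProperty(PDO $db, int $userId, $rawId): bool
{
    // Accept only a positive integer; arrays, "13abc", "-1" and similar are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Prepared statement: the id is bound as data, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT 1 FROM properties WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $userId]);
    return $stmt->fetchColumn() !== false;
}

/** Decide the HTTP status the upload page should answer with (hypothetical helper). */
function uploadPageStatus(PDO $db, ?int $sessionUserId, $rawId): int
{
    if ($sessionUserId === null) {
        return 401; // not logged in
    }
    // Same answer for "not yours" and "does not exist", so ids cannot be probed.
    return userOwnsProperty($db, $sessionUserId, $rawId) ? 200 : 404;
}

// In the real script these values would be $_SESSION['user_id'] and $_GET['var'].
var_dump(uploadPageStatus($db, 1, '13'));        // the owner of property 13
var_dump(uploadPageStatus($db, 2, '13'));        // another logged-in user
var_dump(uploadPageStatus($db, 1, '13 OR 1=1')); // malformed id
var_dump(uploadPageStatus($db, null, '13'));     // no session
```

The same check has to run again in the code that receives the uploaded file, not only when the upload form is displayed.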