Hiding URL query parameters - encryption, session, etc ?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

To clarify, my point isn't so much the information security or a hacker's ability to screw with the POST data. What I am getting at is this...

You have a link that is clickable in your admin panel. Let's say that this admin panel has a listing of posts that can be deleted. The way it is set up is that the link goes to delpage.php?post=XX where XX is a record ID. Less seasoned developers may look at this as something easy to do and easy to manage, but what happens when someone that knows nothing about your system gets bored and starts throwing any arbitrary number into the querystring. Not a hacker, but say, a bored boss that you developed this for. So instead of keeping to those posts that are on the list he just starts popping numbers into your script. Then what? Someone who doesn't put in the necessary steps in the script to make sure that what is getting wonked from the DB is actually supposed to get wiped out is in for a rude awakening.

I only bring this up because younger (less experienced I should say) developers haven't always thought out the logical progression of what their code does. There are few books that teach the protection of data when teaching how to set up a system like this. In fact, I was stung by this once. That is why I switched to POST instead of GET. If a hacker wants to take a crack at my code, nothing is going to stop them from trying. But I am more concerned with the regular users of the application and their ability to create utter and complete havoc when they're bored and see 'those cool little numbers in the address bar'*.


* Actual wording of a client that hosed their data because I wasn't, at the time, a logical developer. Oh well, live and learn, and don't make the same mistake twice.
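The delpage.php?post=XX scenario above, shown as an added example that is not code from this thread: the unchecked handler beside one that only deletes rows the current user owns. The in-memory SQLite table, the $session array standing in for $_SESSION, and the function names are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumes a posts(id, owner_id, title)
// table and a $session array holding the logged-in user's id and CSRF token.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO posts VALUES (1, 42, 'mine'), (2, 7, 'someone elses')");
$session = ['user_id' => 42, 'csrf_token' => bin2hex(random_bytes(16))];

// Before: the pattern the post warns about. Whatever id is typed into the
// address bar is deleted, whether or not it appeared on the caller's list.
function deletePostUnchecked(PDO $pdo, string $id): void {
    $pdo->exec("DELETE FROM posts WHERE id = $id");
}

// After: the request must be a POST carrying the session's CSRF token, the id
// must be a well-formed positive integer, and the DELETE is scoped to rows the
// current user owns, so an id that was never on their list affects zero rows.
// Returns the number of rows deleted (1 when the caller owns the row, else 0).
function deletePostChecked(PDO $pdo, array $request, array $session): int {
    if (($request['method'] ?? '') !== 'POST') {
        return 0;
    }
    if (!isset($request['token'], $session['csrf_token'])
        || !hash_equals($session['csrf_token'], $request['token'])) {
        return 0;
    }
    $id = filter_var($request['post'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // Prepared statement: the id is bound, never interpolated into SQL.
    $stmt = $pdo->prepare('DELETE FROM posts WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $session['user_id']]);
    return $stmt->rowCount();
}

// A bored user submitting someone else's id: nothing is removed.
$req = ['method' => 'POST', 'token' => $session['csrf_token'], 'post' => '2'];
echo "deleted: ", deletePostChecked($pdo, $req, $session), "\n";
// The same user deleting their own post: one row removed.
$req['post'] = '1';
echo "deleted: ", deletePostChecked($pdo, $req, $session), "\n";
```

The ownership clause in the WHERE is what actually closes the hole; switching the form from GET to POST only hides the id from the address bar.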
tdnxxx444
Forum Newbie
Posts: 23
Joined: Wed Mar 08, 2006 5:57 pm

Post by tdnxxx444 »

Weirdan wrote:
> Weirdan - What if ANY user can view items shold by a specific user?
> Do you mean they SHOULD be able to view those items?
Sorry, I meant "sold".. typo. But anyways, back to the topic.. That's what I'm thinking. When using GET instead of POST, the user can still find the hidden variables in the form just by doing a view source.

You can put in checks in your system, but checks can only go so far. Exposing the id gives hackers an extra tool to get into your system and find other loopholes -- loopholes that we may not see before our very eyes, but can be found by an experienced and skilled hacker with plenty of time on their hands.