Friday, March 4, 2011

parameter, but not in the URL

Hi,

 

Currently I pass all the parameters that a view needs over the URL.

Eg.

 

127.0.0.1:800/93/1

 

This would delete an object with the id 93.

This is very insecure, and once the user notices how this works he could delete any object he wants.

 

How can I make this more secure?!

 

Kind regards

. . . . . . . . . . . . . . . . . . . . . . . . . .

Patrick Szabo
XSLT Developer

LexisNexis
Marxergasse 25, 1030 Wien

patrick.szabo@lexisnexis.at

Tel.: +43 (1) 534 52 - 1573

Fax: +43 (1) 534 52 - 146
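
The situation described in the post, as an added example that is not part of the original message: a delete handler that trusts the id from the URL, next to one that checks the request method, the login and the object's owner on the server. It is a framework-free model; the names `Item`, `make_store`, `delete_vulnerable` and `delete_hardened`, the users and the status codes are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Item:
    id: int
    owner: str


def make_store():
    # Constructed sample data: two objects owned by different users.
    return {93: Item(93, "alice"), 94: Item(94, "bob")}


def delete_vulnerable(store, method, user, item_id):
    # Pattern from the post: the id in the URL is trusted as-is,
    # so any visitor who changes 93 to 94 deletes someone else's object.
    store.pop(item_id, None)
    return 200


def delete_hardened(store, method, user, item_id):
    # 1. State-changing actions are not reachable by GET (links, prefetch,
    #    crawlers). A real framework would also verify a CSRF token here.
    if method != "POST":
        return 405
    # 2. The caller must be authenticated.
    if user is None:
        return 401
    # 3. The object must belong to the caller. "Missing" and "not yours"
    #    get the same answer so ids cannot be probed.
    item = store.get(item_id)
    if item is None or item.owner != user:
        return 404
    del store[item_id]
    return 200


if __name__ == "__main__":
    store = make_store()
    print(delete_hardened(store, "POST", "bob", 93))    # another user's object
    print(delete_hardened(store, "POST", "alice", 93))  # the owner
```

The id can stay in the URL or move into the request body; what decides the outcome is the ownership check performed on the server for every request.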


