All,

I have an application that passes an id value through a hyperlink that
the user clicks on in an e-mail. The id feeds the page and extracts information and 
populates the form fields with the user's information.  

THE PROBLEM:
If a user is viewing their customized information with their user id=23, then what 
would prevent them from viewing other people's information by editing the id value to 
say, id=24?

SOLUTIONS: ???
1) Should I scramble the value in some long string and extract a value from it? For 
example for id=23 replace it with id=ei38skdh23skdu83 and pull 23 out of the string?
2) Set a cookie that contains the same id value and if the values don't match kick 
them out to some other page?

Any suggestions would be great.

D-
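
One way to approach the question above, as an added example that is not part of the original post: instead of hiding the id inside a longer string (option 1), the link carries the id plus an HMAC signature computed with a server-side key, so an edited id fails verification. The key, function names and token layout are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a secret held only on the server, never sent in the e-mail or page.
SECRET_KEY = b"constructed-demo-key-replace-in-production"


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_link_token(user_id: int, ttl_seconds: int = 86400,
                    now: Optional[float] = None) -> str:
    """Value placed in the e-mailed link: "<id>.<expiry>.<signature>"."""
    issued = time.time() if now is None else now
    payload = f"{user_id}.{int(issued + ttl_seconds)}"
    return f"{payload}.{_sign(payload)}"


def verify_link_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Return the user id if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_id, expires, sig = parts
    if not (user_id.isdigit() and expires.isdigit()):
        return None
    expected = _sign(f"{user_id}.{expires}")
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if current > int(expires):
        return None
    return int(user_id)


if __name__ == "__main__":
    token = make_link_token(23, ttl_seconds=3600)   # constructed sample id
    print("valid link  ->", verify_link_token(token))
    tampered = token.replace("23.", "24.", 1)       # user edits id=23 to id=24
    print("edited link ->", verify_link_token(tampered))
```

A cookie that only repeats the bare id (option 2) is as editable as the URL, so it needs the same kind of server-verified value.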