encrypt on the way up and decrypt it when you use it on your form page to pull back the record's data
Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] --------------------------------------------------------- Macromedia Associate Partner www.macromedia.com --------------------------------------------------------- Vancouver Island ColdFusion Users Group Founder & Director www.cfug-vancouverisland.com ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 2:52 PM Subject: ?id=23 > All, > > I have an application that passes an id value through a hyperlink that > the user clicks on in an e-mail. The id feeds the page and extracts information and populates the form fields with the user's information. > > THE PROBLEM: > If a user is viewing their customized information with their user id=23, than what would prevent them from view other people's information by editing the id value to say, id=24? > > SOLUTIONS: ??? > 1) Should I scramble the value in some long string and extract a value from it? For example for id=23 replace it with id=ei38skdh23skdu83 and pull 23 out of the string? > 2) Set a cookie that contains the same id value and if the values don't match kick them out to some other page? > > Any suggestions would be great. > > D- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm