im sure i will get bashed for this answer but here is something i have done before
on the link that that would take you to the detail page you normally pass the info along via the url. Well im not sure how correct this is but I have before done the same thing by setting the link as a session variable and passed it along to the detail page then filtered the detail page by that variable, and whalla:) so you'd get this: www.your_site.com/details.cfm instead of www.your_site.com/details.cfm?id=24 and i dont think they could go into the browser & type it in because the detail page is sorted by a session. but i have no idea what the hell im doing, so we may want to get some others input on this first, lol dave > All, > > I have an application that passes an id value through a hyperlink that > the user clicks on in an e-mail. The id feeds the page and extracts > information and populates the form fields with the user's information. > > THE PROBLEM: > If a user is viewing their customized information with their user id=23, > than what would prevent them from view other people's information by > editing the id value to say, id=24? > > SOLUTIONS: ??? > 1) Should I scramble the value in some long string and extract a value > from it? For example for id=23 replace it with id=ei38skdh23skdu83 and > pull 23 out of the string? 2) Set a cookie that contains the same id > value and if the values don't match kick them out to some other page? > > Any suggestions would be great. > > D- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Get the mailserver that powers this list at http://www.coolfusion.com