you crack me up dave....

tw

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 12, 2003 6:41 PM
To: CF-Talk
Subject: Re: ?id=23


I'm sure I will get bashed for this answer, but here is something I have
done before.

On the link that would take you to the detail page, you normally pass
the info along via the URL.

Well, I'm not sure how correct this is, but I have before done the same
thing by setting the link as a session variable and passed it along to the
detail page, then filtered the detail page by that variable, and voilà :)

so you'd get this:
www.your_site.com/details.cfm
instead of
www.your_site.com/details.cfm?id=24

and I don't think they could go into the browser & type it in because the
detail page is sorted by a session.

but I have no idea what the hell I'm doing, so we may want to get some
others' input on this first, lol

dave


> All,
>
> I have an application that passes an id value through a hyperlink that
> the user clicks on in an e-mail. The id feeds the page and extracts
> information and populates the form fields with the user's information.
>
> THE PROBLEM:
> If a user is viewing their customized information with their user id=23,
> then what would prevent them from viewing other people's information by
> editing the id value to say, id=24?
>
> SOLUTIONS: ???
> 1) Should I scramble the value in some long string and extract a value
> from it? For example for id=23 replace it with id=ei38skdh23skdu83 and
> pull 23 out of the string?
> 2) Set a cookie that contains the same id
> value and if the values don't match kick them out to some other page?
>
> Any suggestions would be great.
>
> D-
> 
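
An added illustration, not part of the thread and written in Python rather than ColdFusion: because the link arrives by e-mail with no session yet, one way to stop id=23 being edited to id=24 is to sign the id with a server-side HMAC key and reject any link whose signature does not match. The key value, the `exp` and `sig` parameter names, and the 24-hour lifetime are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real site loads a random secret
# from server-side configuration and never sends it to the client.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _tag(user_id: int, expires: int) -> str:
    """HMAC-SHA256 over the id and expiry, so neither can be edited."""
    msg = f"{user_id}.{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_link(user_id: int, now: int, ttl: int = 86400) -> str:
    """Build the query string placed in the e-mailed link."""
    expires = now + ttl
    return f"id={user_id}&exp={expires}&sig={_tag(user_id, expires)}"


def verify_link(query: str, now: int):
    """Return the user id if the link is authentic and unexpired, else None."""
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        user_id = int(params["id"])
        expires = int(params["exp"])
        sig = params["sig"]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter, e.g. a bare ?id=24
    expected = _tag(user_id, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # id or expiry was changed after signing
    if now > expires:
        return None  # an old e-mail link is no longer accepted
    return user_id


if __name__ == "__main__":
    NOW = 1063400000  # constructed timestamp
    link = make_link(23, NOW)
    print("details.cfm?" + link)
    print(verify_link(link, NOW + 60))                            # 23
    print(verify_link(link.replace("id=23", "id=24", 1), NOW))    # None
```

Unlike hiding 23 inside a longer string, the signature cannot be recomputed for another id without the server's key; the detail page should still load the record only for the id that `verify_link` returns.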
