Use a "backup" variable to authenticate the user with their profile. For
example a user "logs in" - you can assign their ID number as a session
variable (eg: 23) but ALSO assign a unique variable that you stored in the
database when the account was created - eg CreateUUID().

Then when they login you can retrieve their information when the ID is 23
AND the UUID equals the value stored in the database, eg:
9FEF4148-B963-46D4-0A570610E956CBDE. You then merely need to check if the
two session variables marry up to display, or not, the page.


Peter Tilbrook
ColdFusion Applications Developer
ColdGen Internet Solutions
4/73 Tharwa Road
Queanbeyan, NSW, 2620
AUSTRALIA

Telephone: +61-2-6284-2727
Mobile: +61-0439-401-823
E-mail: [EMAIL PROTECTED]

World Wide Web: http:/www.coldgen.com/

==

Analust - word meaning an Analyst (like myself) seeking work as an
analyst/programmer.

-----Original Message-----
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Saturday, 13 September 2003 7:53 AM
To: CF-Talk
Subject: ?id=23


All,

I have an application that passes an id value through a hyperlink that
the user clicks on in an e-mail. The id feeds the page and extracts
information and populates the form fields with the user's information.

THE PROBLEM:
If a user is viewing their customized information with their user id=23,
then what would prevent them from viewing other people's information by editing
the id value to say, id=24?

SOLUTIONS: ???
1) Should I scramble the value in some long string and extract a value from
it? For example for id=23 replace it with id=ei38skdh23skdu83 and pull 23
out of the string?
2) Set a cookie that contains the same id value and if the values don't
match kick them out to some other page?

Any suggestions would be great.

D-
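
Added example, not part of either post above: the check the reply describes (serve the record only when the id AND the token stored at account creation both match), sketched in Python with an in-memory SQLite table standing in for the ColdFusion page and its database. The table layout, the function names and the sample addresses are assumptions, and uuid.uuid4() stands in for CreateUUID().

```python
import hmac
import sqlite3
import uuid

def make_db():
    """In-memory stand-in for the application's user table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, token TEXT NOT NULL, email TEXT)"
    )
    return conn

def create_user(conn, email):
    """Store a random token when the account is created (hypothetical helper)."""
    token = str(uuid.uuid4()).upper()
    cur = conn.execute("INSERT INTO users (token, email) VALUES (?, ?)", (token, email))
    return cur.lastrowid, token

def load_profile(conn, raw_id, raw_token):
    """Return the profile only when id AND token both match the stored row.

    Malformed input, an unknown id and a wrong token all return None, so the
    caller can answer every failure identically and reveal nothing about
    which ids exist.
    """
    if not (isinstance(raw_id, str) and isinstance(raw_token, str)):
        return None
    # Accept only short ASCII digit strings; anything else is rejected unparsed.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None
    row = conn.execute(
        "SELECT id, token, email FROM users WHERE id = ?", (int(raw_id),)
    ).fetchone()
    if row is None:
        return None
    # Constant-time comparison of the supplied token with the stored one.
    if not hmac.compare_digest(row[1].encode(), raw_token.encode()):
        return None
    return {"id": row[0], "email": row[2]}

if __name__ == "__main__":
    db = make_db()
    id_a, tok_a = create_user(db, "a@example.test")
    id_b, tok_b = create_user(db, "b@example.test")
    print(load_profile(db, str(id_a), tok_a))  # own id and token: profile returned
    print(load_profile(db, str(id_b), tok_a))  # edited id, original token: None
```

The e-mailed link would then carry both values, and changing id=23 to id=24 fails because the token from the original link does not match the row for 24.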
