I would urge you not to use encrypt/decrypt.  We have found bugs in the
encrypt/decrypt libraries where sometimes something is encrypted that is not
decrypt()able.

Honestly, add a column to the table of type GUID.  Use this value for URL ID
linking.  Users will not be able to guess additional IDs using these long
unique hashes.

Trey Rouse
Data Application Architect
Web Services - Rice University

> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: Friday, September 12, 2003 4:53 PM
> To: CF-Talk
> Subject: ?id=23
> 
> All,
> 
> I have an application that passes an id value through a hyperlink that
> the user clicks on in an e-mail. The id feeds the page and extracts
> information and populates the form fields with the user's information.
> 
> THE PROBLEM:
> If a user is viewing their customized information with their user id=23,
> then what would prevent them from viewing other people's information by
> editing the id value to say, id=24?
> 
> SOLUTIONS: ???
> 1) Should I scramble the value in some long string and extract a value
> from it? For example for id=23 replace it with id=ei38skdh23skdu83 and
> pull 23 out of the string?
> 2) Set a cookie that contains the same id value and if the values don't
> match kick them out to some other page?
> 
> Any suggestions would be great.
> 
> D-
> 
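
An illustration of the GUID-column approach suggested in the reply above, added here as an example and not code from the thread. It is written in Python with SQLite rather than ColdFusion; the table and column names (`users`, `link_token`) and the sample rows are assumptions.

```python
import sqlite3
import uuid


def build_db():
    """In-memory table: sequential id stays internal, link_token goes in the URL."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        " email TEXT NOT NULL,"
        " link_token TEXT UNIQUE NOT NULL)"
    )
    # Constructed sample rows matching the id=23 / id=24 case in the question.
    for uid, email in [(23, "alice@example.test"), (24, "bob@example.test")]:
        # uuid4() takes its 122 random bits from the OS CSPRNG, so knowing
        # one user's token says nothing about the next user's.
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (uid, email, str(uuid.uuid4())))
    return db


def token_for(db, user_id):
    """Server-side only: fetch the token when composing the e-mail link."""
    row = db.execute("SELECT link_token FROM users WHERE id = ?",
                     (user_id,)).fetchone()
    return row[0] if row else None


def load_profile(db, url_id):
    """Handler for ?id=...: accept only a well-formed UUID, look up by token."""
    try:
        token = str(uuid.UUID(url_id))  # rejects "24" and normalises the format
    except (ValueError, AttributeError, TypeError):
        return None
    # Parameterised query: the URL value is never concatenated into SQL.
    return db.execute("SELECT id, email FROM users WHERE link_token = ?",
                      (token,)).fetchone()


if __name__ == "__main__":
    db = build_db()
    link_id = token_for(db, 23)
    print("e-mailed link: ?id=" + link_id)
    print("valid token  ->", load_profile(db, link_id))
    print("edited to 24 ->", load_profile(db, "24"))
```

The sequential `id` never appears in a link, so editing the URL value to a neighbouring number matches no row.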