Hi there,

ive been working on some basic newsletter-signup stuff with OptInCodes.
When accepting an OptInCode the user has to pass through 4 different 
variables (OptInCode + 3 primary keys).
Other than this doesnt look nice at all for any given user it reveals some 
of our primary keys which has an impact on the security.

This is how my url looks like:
.../updateNewsletterStatus?contactListId=1000&partyId=10020&fromDate=2011-01-13 
10:46:32.952&optInVerifyCode=9744644563

I thought about creating an entity with one primary key and 4 foreign keys 
(from above url). 
The primary key could than be a hash value that is passed through by a 
user.
What do you think about this idea?

Greetings,
Mirko



Mirko Vogelsmeier
Auszubildender Fachinformatiker AEW
Lynx-Consulting GmbH
Johanniskirchplatz 6
33615 Bielefeld
Deutschland
Fon: +49 521 5247-0
Fax: +49 521 5247-250
Mobil: 


Company and Management Headquarters:
Lynx-Consulting GmbH, Johanniskirchplatz 6, 33615 Bielefeld, Deutschland
Fon: +49 521 5247-0, Fax: +49 521 5247-250, www.lynx.de

Court Registration: Amtsgericht Bielefeld HRB 35946
Chief Executive Officers: Karsten Noss, Dirk Osterkamp

----------------------------------------------------------------------------------------------------
This e-mail may contain trade secrets or privileged, undisclosed, or otherwise 
confidential information. If you have received this e-mail in error, you are 
hereby notified that any review, copying, or distribution of it is strictly 
prohibited. Please inform us immediately and destroy the original transmittal. 
Thank you for your cooperation. 
----------------------------------------------------------------------------------------------------


*****************************************************************************

Reply via email to