Am 10.03.2011 18:10, schrieb mos: > I am building a web application that uses MySQL 5.5 with Innodb tables and I > don't want the user to see the actual > primary key value on the web page. The primary key could be the cust_id, > bill_id etc and is usually auto increment. > This primary key can appear in the url and will be used to pull up a record > and display it on the web page.
> So I need some efficient way of 'cloaking' the real primary key so a hacker > won't try to generate random values to > access info he shouldn't have access to. How do most web sites handle this? the most sites will handle this by checking permissions security by obscurity is simple crap if i have access to record 738 and get z39 by changing the url your application is simply broken
signature.asc
Description: OpenPGP digital signature