Hello,
I setup a view query where it only displays records on the user's ID. I
notice that if I change the
ID name in the URL it will show the other records for that ID, I am sure
there is a simple way to prevent this.
Any help is greatly appreciated.
Thanks
Dave
_
.
So we did this to try and counter it:
http://sourceforge.net/projects/cfurlencrypt/
::: -Original Message-
::: From: David Douglas [mailto:[EMAIL PROTECTED]]
::: Sent: Friday, January 18, 2002 11:26 AM
::: To: CF-Talk
::: Subject: Preventing URL Variables from being changed
:::
:::
:::
When they login, set session.UserID
Whenever a record is accessed do a check to make sure that record.UserID
= session.UserID, and if not then give them some "unauthorized" message
or whatever.
>>> David Douglas <[EMAIL PROTECTED]> 01/18/02 01:25PM >>>
Hello,
I setup a view query where it onl
ally is the Force, and a powerful ally it is." - Yoda
> -Original Message-
> From: David Douglas [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 1:26 PM
> To: CF-Talk
> Subject: Preventing URL Variables from being changed
>
>
> Hello,
>
prevent exploitation.
EC
-Original Message-
From: BEN MORRIS [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 1:25 PM
To: CF-Talk
Subject: Re: Preventing URL Variables from being changed
When they login, set session.UserID
Whenever a record is accessed do a check to make sure that
What I do is simply pass the variable back and forth setting up parameters.
I avoid the passing of the values through the URL. I am not an expert at the
"terminology of CF", but all I know is that I got it to work without a
problem. Wish I could explain it more, but I cannot.
"BEN MORRIS" <[EMAIL
6 matches
Mail list logo