If in some circumstances you find you need to pass an id but don't
want people 'browsing' by changing the id, you can create a hash of
the file id and some 'secret' string (I often use the current logged-in
user so it varies). If the hashed id matches the submitted hash, then
you know that they haven't just changed the id.

There are some good posts here:
http://www.php.net/manual/en/function.hash-hmac.php

TW
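Concretely, here is an added example (not code from this thread) of the HMAC-protected id TW describes, in PHP using the hash_hmac function linked above. The constant APP_SECRET and the functions makeSignedId()/verifySignedId() are assumed names; the secret is a placeholder that must live server-side only.

```php
<?php
// Added example, not from the thread. APP_SECRET is a placeholder for a
// long random server-side secret; the function names are assumed.
const APP_SECRET = 'replace-with-a-long-random-server-side-secret';

// Value to put in the URL: "<id>.<hmac>". The MAC covers both the id and
// the logged-in user's id, so a token minted in one session is useless
// in another (this is TW's "vary it by current user" point).
function makeSignedId(int $id, int $currentUserId): string
{
    $mac = hash_hmac('sha256', $id . '|' . $currentUserId, APP_SECRET);
    return $id . '.' . $mac;
}

// Returns the id when the submitted token is intact for this user,
// otherwise null. The regex rejects malformed input before any work is done.
function verifySignedId(string $token, int $currentUserId): ?int
{
    if (!preg_match('/^(\d+)\.([0-9a-f]{64})$/', $token, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1] . '|' . $currentUserId, APP_SECRET);
    // hash_equals compares in constant time, so a wrong MAC cannot be
    // narrowed down byte by byte from response timing.
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

// Demonstration with constructed values: profile 5 viewed by user 42.
$token = makeSignedId(5, 42);
// Someone edits the id in the address bar but cannot recompute the MAC.
$tampered = preg_replace('/^5\./', '4.', $token);

$cases = [
    ['untouched token, same user',      $token,    42],
    ['id edited to 4 in the URL',       $tampered, 42],
    ['token replayed by another user',  $token,     7],
];
foreach ($cases as [$label, $tok, $uid]) {
    printf("%-34s => %s\n", $label, var_export(verifySignedId($tok, $uid), true));
}
```

The MAC only proves the link was issued by the server for this user and not edited; where the id can be derived from the session, as Tom suggests below, no id needs to be exposed at all, and where it cannot, the normal ownership check on the loaded record still applies.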

On May 25, 1:38 pm, Tom Haskins-Vaughan <t...@templestreetmedia.com>
wrote:
> Instead of using
>
>   mysite.com/account/profile/5
>
> I would use
>
>   mysite.com/account/profile
>
> And get the user_id from the sessions:
>
>   $this->profile = $this->getUser()->getProfile();
>
> On Mon, May 24, 2010 at 6:37 PM, Samuel Morhaim <samuel.morh...@gmail.com> wrote:
> > If I have something such as
>
> > mysite.com/account/profile/5
>
> > What prevents me from switching the /5 for a /4, /3, etc. to call the
> > profile for other Ids? How do you prevent this from happening?
>
> > thanks.
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to symfony-users@googlegroups.com
> > To unsubscribe from this group, send email to
> > symfony-users+unsubscr...@googlegroups.com
> > For more options, visit this group at
> > http://groups.google.com/group/symfony-users?hl=en
>

