how to secured query string

vash · #1 (**permalink**) 12-04-2004, 09:18 PM

camner erk..
bila kite pass query, sometimes..
ada orang edit query kiter n bole tengok data lain...
so any solution to hidden link or encrypt it?

lcf · #2 (**permalink**) 13-04-2004, 08:55 AM

- Do not use query string for important data. Use query string for common purpose that will make no effect to your data only. Example: search string
- use POST, instead of GET
- use session (?)

vash · #3 (**permalink**) 13-04-2004, 09:05 AM

i already use season to authenticate user access level..
n its working well..
but for the same level...
they can change the query n access other user page...
by changing query for user ID
but if they copy n paste to new page (browsser) ...the session will work..
n they can't access the page...
so any solution to avoid them to change qquery at the same page as they logon..

tesla_rage · #4 (**permalink**) 28-04-2004, 02:47 PM

talk about user authentication first...

it is best to have a file that checks the user's access level on every page that requires higher user level.. just include it in every file...

like what lcf said, if u need to pass an important value, use post method... then everything will be invisible to user...

err, i used to keep the user ID in a session variable...

and also their access level... i dunno if there are better ways to do this... but certainly not querystring...

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Can I get a variable name as a string?	montyauto	Website Programming	3	06-05-2007 04:51 AM
Why my Query Not Working??	marukochan	Website Programming	3	05-04-2007 02:10 PM
Sql query untuk A+B-C ...	nixx	Website Programming	5	06-10-2004 04:51 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)