CodeIgniter Forums

Full Version: passing values in segment

El Forum

ptvw2011
Hello

I am building an application which incorporates CRUD. So to delete a document I will pass the docID in the URL, so myapp.com/controller/docID.

I realise that this is very insecure, so I test docID against the session userID in the database and return false if it's invalid and redirect the user, so people can't just adjust the ID and start deleting random documents.

My question is: 'Is this ample security for a publicly accessible system?'

If not, what other methods could I use?

Sorry for my poor English, I am not a native speaker :)

Thanks
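
The ownership check described in the post above, as an added example that is not the poster's code and does not use CodeIgniter's database class: plain PHP with PDO and an in-memory SQLite database, where the session user ID is made part of the DELETE statement itself. The `documents` table, its `id` and `owner_id` columns, the `delete_document()` helper and the sample rows are all assumptions constructed for the illustration.

```php
<?php
// Added example: constructed schema and data, not code from the thread.
// Table `documents` and columns `id`, `owner_id` are assumed names.

function delete_document(PDO $db, $rawDocId, int $sessionUserId): bool
{
    // The URL segment is user-controlled: accept only a positive integer.
    $docId = filter_var($rawDocId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($docId === false) {
        return false;
    }

    // Ownership is part of the DELETE itself, so there is no gap between
    // "check the owner" and "delete the row".
    $stmt = $db->prepare('DELETE FROM documents WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $docId, ':owner' => $sessionUserId]);

    // 0 rows: the document does not exist or belongs to another user.
    // The caller redirects in both cases without revealing which.
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT)');
$db->exec("INSERT INTO documents (id, owner_id, title) VALUES (1, 10, 'report'), (2, 20, 'notes')");

$sessionUserId = 10; // stands in for the user ID stored in the session

var_dump(delete_document($db, '2', $sessionUserId));   // another user's document
var_dump(delete_document($db, 'abc', $sessionUserId)); // segment is not an integer
var_dump(delete_document($db, '1', $sessionUserId));   // the user's own document
echo $db->query('SELECT COUNT(*) FROM documents')->fetchColumn(), " row(s) left\n";
```

Returning the same result for "not found" and "not yours" keeps the redirect from confirming which document IDs exist.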