CodeIgniter Forums

Full Version: secure URI segments

El Forum

[eluser]Unknown[/eluser]
Hi there,

Thinking about CRUD operations, I might use this URL to delete or update a record ...

http://mydomain/index.php/mycontroller/myfunction/2

Where the last URI segment (2) is a table unique id.

This looks very unsafe !

What protection can we use to stop a rogue user from changing the value of the last URI segment
and hence delete many rows ?

Steven Matthews

El Forum

[eluser]skunkbad[/eluser]
[quote author="Steven M" date="1335630105"]Hi there,

Thinking about CRUD operations, I might use this URL to delete or update a record ...

http://mydomain/index.php/mycontroller/myfunction/2

Where the last URI segment (2) is a table unique id.

This looks very unsafe !

What protection can we use to stop a rogue user from changing the value of the last URI segment
and hence delete many rows ?

Steven Matthews [/quote]

Anytime you have a user deleting something in the database, whether the record ID is in the URL, post var, query string, cookie, etc., you want to authenticate the user and verify they should be taking action. If the user is the owner or part of a group that has rights to delete, then allow them to delete. It sounds like you need an authentication library/system.

El Forum

[eluser]Unknown[/eluser]
Thanks for getting back ..

Authentication though does not prevent them from changing the parameter and deleting as
many records as they like ...

I guess that URLs like that simply should not be in the public domain and if they are, it only gives read access to resources.

Is there a non-URL method in CI that can be used to update / delete records ?

Steven Matthews

El Forum

[eluser]CroNiX[/eluser]
How would you go about this if you weren't using CI? You'd still have to use the URL, post/get value, session or a cookie the exact same way. All of them can be manipulated by the end user. What skunkbad said is correct, the only way is to make sure the person making the request has the authority to do so. Like, if it's a "moderator" deleting users, and the id is for that of an admin user, it should be rejected as a moderator shouldn't be able to delete an administrator. If it's for a user that the moderator should be able to delete, does it matter how they did it? You need to check permissions before just blindly accepting actions, regardless of their source. Not just to make sure that the person has "delete" access, but also whether they are allowed to delete the user specified (in this example).
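The checks skunkbad and CroNiX describe, written out as a CodeIgniter 2.x controller. This is an added example, not code from the thread; the table names (posts, users), the columns owner_id and role_level, the session keys and the use of the url helper are all assumptions.

```php
<?php
// Added example, not code from this thread. Assumed: a 'posts' table with 'id'
// and 'owner_id', a 'users' table with 'id' and 'role_level' (higher = more
// privilege), session keys 'user_id' / 'role_level' set at login, url helper loaded.
class Mycontroller extends CI_Controller {
    // Reached via /index.php/mycontroller/delete_post/2 but only honoured as
    // a POST from a CSRF-protected form ($config['csrf_protection'] = TRUE),
    // never as a plain GET link that a browser or crawler can follow.
    public function delete_post($id = NULL)
    {
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_error('Method not allowed', 405);
        }

        // 1. Authentication: who is asking?
        $user_id = (int) $this->session->userdata('user_id');
        if ($user_id === 0) {
            show_error('Login required', 401);
        }

        // 2. Validate the segment; anything that is not a positive integer is rejected.
        $id = (int) $id;
        if ($id <= 0) {
            show_404();
        }

        // 3. Authorization for THIS record, not just "may this user delete in general".
        //    Missing and forbidden get the same 404 so ids cannot be enumerated.
        $post = $this->db->get_where('posts', array('id' => $id))->row();
        if (empty($post) OR ! $this->can_delete($post, $user_id)) {
            show_404();
        }

        // 4. Keep the owner in the WHERE clause too, so a stale check can never
        //    remove a row that changed hands between the lookup and the delete.
        $this->db->delete('posts', array('id' => $id, 'owner_id' => $post->owner_id));
        redirect('mycontroller');
    }

    // The owner may delete their own record; anyone else must outrank the owner
    // (a moderator cannot delete an administrator's post).
    private function can_delete($post, $user_id)
    {
        if ((int) $post->owner_id === $user_id) {
            return TRUE;
        }
        $owner = $this->db->get_where('users', array('id' => $post->owner_id))->row();
        return ! empty($owner) && (int) $this->session->userdata('role_level') > (int) $owner->role_level;
    }
}
```

Changing the last URI segment then only lets a user reach records the permission check already allows them to delete; the id being visible in the URL is no longer what decides the outcome.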