+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: using id in url / security issue (/showthread.php?tid=27331)
using id in url / security issue - El Forum - 02-08-2010
[eluser]Jan_1[/eluser]
Hi!
I have userprofiles, classifieds and articels
and I do use '$this->uri->segment' in controller to get the single content in the template.
So you can read the user_id in the url (..index.php/profil/23.html).
Well, I do check user-rights in the model, but shouldn't I pass an user_id more confidental? I want to protect my users data. For example using an encrypt date for 'id' instead of using autoincreatment for 'id' in mysql?
How are you doing?
Greetings, Jan
using id in url / security issue - El Forum - 02-08-2010
[eluser]danmontgomery[/eluser]
First, a database ID is not user data... As long as you're checking the current user against the page they're trying to view, it really doesn't matter.
You can hash the id:
Quote:index.php/profile/d389a39f4584dfd3f53cdc453db9a925.html
Code:
$user_id = $this->uri->segment(2);
$sql = "SELECT * FROM users WHERE MD5(CONCAT(first_name, id)) = '" . $user_id . '";For example.