CodeIgniter Forums
security issue? - url - Printable Version


security issue? - url - El Forum - 12-01-2007

[eluser]pieter dekker[/eluser]
Hi!

I use freakauth for logging in on my site.
I have a controller user, user has a function edit. An example url:

http://www.mydomain.com/index.php/user/edit/3

Everyone can see this url, isn't that a security threat?


security issue? - url - El Forum - 12-01-2007

[eluser]Michael Wales[/eluser]
Only if you make it a threat.

Within the edit controller you should check as to whether the user is attempting to edit themselves or if the user is an admin. If so, let them edit; if not, send them somewhere else.
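
The check described in the reply above, as an added example that is not part of the original thread and is not FreakAuth or CodeIgniter code. The function name `can_edit_user` and the session keys `user_id` and `role` are assumptions made for illustration.

```php
<?php
// Added illustration: authorization check for /user/edit/{id}.
// Session keys 'user_id' and 'role' are assumed names, not FreakAuth's own.

/**
 * Decide whether the logged-in user may edit the account named in the URL.
 * $session: data the server stored at login (never taken from the request).
 * $segment: raw third URI segment, e.g. "3" from /user/edit/3.
 */
function can_edit_user(array $session, $segment): bool
{
    // Not logged in: the server-side session holds no user id.
    if (!isset($session['user_id'])) {
        return false;
    }
    // Accept only a plain positive decimal id; rejects "3abc", "-1", "", "0x3".
    if (!is_string($segment) || !preg_match('/^[1-9][0-9]*$/', $segment)) {
        return false;
    }
    // Admins may edit anyone.
    if (($session['role'] ?? '') === 'admin') {
        return true;
    }
    // Everyone else may edit only their own record; compare as integers.
    return (int) $session['user_id'] === (int) $segment;
}

// Constructed sample sessions and requests.
$cases = [
    ['session' => ['user_id' => 3, 'role' => 'user'],  'segment' => '3'],    // own record
    ['session' => ['user_id' => 4, 'role' => 'user'],  'segment' => '3'],    // someone else's
    ['session' => ['user_id' => 1, 'role' => 'admin'], 'segment' => '3'],    // admin
    ['session' => [],                                  'segment' => '3'],    // anonymous
    ['session' => ['user_id' => 3, 'role' => 'user'],  'segment' => '3abc'], // malformed id
];

foreach ($cases as $c) {
    $who = $c['session']['user_id'] ?? 'anonymous';
    printf("user %s -> /user/edit/%s : %s\n", $who, $c['segment'],
        can_edit_user($c['session'], $c['segment']) ? 'allow' : 'deny');
}
```

In a CodeIgniter controller the call would sit at the top of `edit($id)`, fed from `$this->session->userdata()`, with a denial answered by `show_error('Forbidden', 403)` or a redirect. The same check has to run again in whatever action saves the submitted form, since that request can be sent without ever loading the edit page.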