passing values in segment


I am building an application which incorporates CRUD. So to delete a document I will pass the docID in the URL. so

I realise that this is very insecure, so I test docID against the session userID in the database and return false if it's invalid and redirect the user so people can't just adjust the ID and start deleting random documents.

My question is: 'Is this ample security for a publicly accessible system?'

If not, what other methods could I use?

Sorry for my poor English, I am not a native speaker :)
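An added example, not part of the original post: one way to implement the ownership check described above, shown in Python with sqlite3 so it runs offline. The `documents` table, its `owner_id` column and all function names are assumptions for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: user 10 owns document 1, user 20 owns document 2.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents ("
        "id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT)"
    )
    db.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, 10, "alice notes"), (2, 20, "bob notes")],
    )
    db.commit()
    return db


def delete_document(db, session_user_id, raw_doc_id):
    """Delete a document only if the logged-in user owns it.

    session_user_id must come from the server-side session, never the URL.
    raw_doc_id is the untrusted URL segment, still a string.
    Returns True if exactly one row was deleted, False otherwise.
    """
    # Accept only a short run of ASCII digits; everything else is rejected.
    if not (raw_doc_id.isascii() and raw_doc_id.isdigit() and len(raw_doc_id) <= 18):
        return False
    # The ownership test is part of the DELETE itself, so there is no window
    # between "check" and "delete", and both values are bound parameters.
    cur = db.execute(
        "DELETE FROM documents WHERE id = ? AND owner_id = ?",
        (int(raw_doc_id), session_user_id),
    )
    db.commit()
    # rowcount is 0 for "no such document" and for "not your document" alike,
    # so the caller can answer both cases identically and not reveal valid IDs.
    return cur.rowcount == 1


def remaining_ids(db):
    # Helper for inspecting the table after a delete attempt.
    return [row[0] for row in db.execute("SELECT id FROM documents ORDER BY id")]
```
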

