Security precautions when updating database row via URL segments
#4

[eluser]Aken[/eluser]
Just because I'm logged in doesn't mean I have access to everything (in most cases). You'll likely need to take user permissions into account.

You need to do type casting or something on your values. Because I could still break it by using other numeric values of $id and $val. For instance, "+0123.45e6" is a valid numeric string that would screw up $id. "0.35e1" is a valid numeric string that is between -4 and 4 that could screw up $val.

There's a lot you need to take into account when allowing actions through URLs:
- Is the $id format valid, and does it exist?
- Does the user have access to $id?
- Is the $value in a proper format?
- If it isn't, do you want to change it to a proper format, or throw an error?

There's also an impact on search engines if these URLs happen to be publicly accessible - you probably wouldn't want these indexed. So that's something to consider, also.
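An added example, not code from the post or from CodeIgniter, contrasting the loose is_numeric() style check with a strict integer validation for the two URL segments; the function names looseCheck and strictCheck and the assumed ranges ($id a positive row id, $val an integer in -4..4) are mine.

```php
<?php
// Added example (not Aken's code): a loose is_numeric() check beside a strict
// integer validation for the $id and $val URL segments discussed in the post.
// Assumptions: $id is a positive integer row id, $val an integer in [-4, 4].

function looseCheck(string $id, string $val): bool
{
    // is_numeric() accepts signs, leading zeros, decimal points and exponents,
    // so "+0123.45e6" and "0.35e1" both get through this test.
    return is_numeric($id) && is_numeric($val) && $val >= -4 && $val <= 4;
}

function strictCheck(string $id, string $val): bool
{
    // FILTER_VALIDATE_INT accepts only a plain decimal integer (optional sign,
    // no leading zeros, no decimal point, no exponent) and can enforce a range.
    $idOk  = filter_var($id, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    $valOk = filter_var($val, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => -4, 'max_range' => 4]]);
    // Format validity only: whether the row exists and whether the logged-in
    // user may modify it still has to be checked separately, as the post says.
    return $idOk !== false && $valOk !== false;
}

// Constructed sample segments, including the two strings quoted in the post.
$samples = [
    ['42',         '3'],
    ['+0123.45e6', '3'],
    ['42',         '0.35e1'],
    ['007',        '-4'],
];

foreach ($samples as [$id, $val]) {
    printf("id=%-12s val=%-8s loose=%s strict=%s\n",
        $id, $val,
        looseCheck($id, $val) ? 'pass' : 'fail',
        strictCheck($id, $val) ? 'pass' : 'fail');
}
```

Only the first sample passes the strict check; the other three pass the loose one, which is exactly the gap the post describes.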


Messages In This Thread
Security precautions when updating database row via URL segments - by El Forum - 07-20-2012, 03:31 PM


