| Encrypting URI Segments |
[eluser]dblackherod[/eluser]
People... I am glad that this agenda has attracted this much attention and that @wanwizard is in on the conversation as well. My point is not that controllers should be written for different user groups, neither is it that the system's design is flawed from day one... NO! it seems only @mauricio understands what i'm getting at. All i'm saying is... how can URI segments be safe from unnecessary traversal to access unauthorized resources by unauthorized users without refactoring a sea of code.? The quickest way that comes to thought is URI segments encryption. Another good idea just mentioned is defining what URI segments are allowed for different user groups. I hope this explanation gives us a clear understanding of the agenda. The system design is not flawed because URI segments can be traversed manually, neither is it necessary to write controllers for each user group's functionality; its just so that the CI framework does not handle such for us and as good developers capable of building complex systems, we should be able to figure effective implementation approaches to problems such as this. I still insist that encrypting URI segments is the safest approach to achieving this cause and all that are needed include; 1. A Simple Encryption class Library with encryption and decryption methods 2. A MY_Router class extension overriding the _set_request method 3. A MY_URI class extension overriding the site_url method. A brilliant alternative would be to define which URI segment combinations are allowed for various user groups. But, on second thought, how would module developers know what groups have been created for an instance of the application such that they are able to define URI segments authorizations accordingly? This still leaves the encryption option an undisputed approach. Baseline remains that all I need to know is which Router and URI functions to override because I was able to encrypt and decrypt the URI segments but i became unsure which Router and URI methods to override when i realized the need for uri_to_assoc helper method uses URI segments. I'm also willing to pay someone to make this feature a reality 'cos I was so close to achieving it... |
| Messages In This Thread |
|
Encrypting URI Segments - by El Forum - 03-15-2012, 11:41 AM
Encrypting URI Segments - by El Forum - 03-17-2012, 12:30 AM
Encrypting URI Segments - by El Forum - 03-17-2012, 01:16 PM
Encrypting URI Segments - by El Forum - 03-17-2012, 01:51 PM
Encrypting URI Segments - by El Forum - 03-17-2012, 02:40 PM
Encrypting URI Segments - by El Forum - 03-19-2012, 02:17 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 02:58 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 03:01 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 04:30 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 07:08 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 09:12 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 09:14 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 09:29 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 10:59 AM
Encrypting URI Segments - by El Forum - 03-19-2012, 12:18 PM
Encrypting URI Segments - by El Forum - 03-19-2012, 08:43 PM
Encrypting URI Segments - by El Forum - 03-19-2012, 09:29 PM
Encrypting URI Segments - by El Forum - 03-19-2012, 09:42 PM
Encrypting URI Segments - by El Forum - 03-20-2012, 01:11 AM
Encrypting URI Segments - by El Forum - 03-20-2012, 09:44 AM
Encrypting URI Segments - by El Forum - 03-20-2012, 03:23 PM
Encrypting URI Segments - by El Forum - 03-20-2012, 03:32 PM
Encrypting URI Segments - by El Forum - 03-20-2012, 05:06 PM
Encrypting URI Segments - by El Forum - 03-21-2012, 08:01 AM
Encrypting URI Segments - by El Forum - 03-26-2012, 01:36 PM
Encrypting URI Segments - by El Forum - 10-03-2012, 10:10 AM
|
