| general URL issue |
[eluser]scaryjack[/eluser]
hello there, IsnĀ“t there a way to "hide" in the URL which controller(with parameter) is called? An example: right now I have implemented an user-articel page. You can read articles by calling the controller and pass the article-type as id(for sorting). So if you want to see all "news" article you would call the controller with showArticles and also pass the id(e.g. 1). in the URL you the see: http://anyURL.com/index.php/showArticles/1. is there a way to hide the last part(including the controller)? I see there some security problems...If you look at the URL you just can play wih the parameters directly and the maybe jump to some pages which should not be allowed to the user. By hiding the controller this would be safer. Since there are also no real before/after filters like in ruby or cake, you cannot check before each function call if the user is allowed to see the page. Do you have maybe ideas to avoid/imporve this |
| Messages In This Thread |
|
general URL issue - by El Forum - 07-21-2008, 04:56 AM
general URL issue - by El Forum - 07-21-2008, 05:06 AM
general URL issue - by El Forum - 07-21-2008, 05:45 AM
general URL issue - by El Forum - 07-21-2008, 05:55 AM
general URL issue - by El Forum - 07-21-2008, 06:29 AM
|
