pass variable through segments with security

#1
[eluser]newbie boy[/eluser]
I need to pass two variables through segments, which will be segment 3 and segment 4.

But I need security for this, for I will be passing the IDs....

What is the best way to secure it...

Hide maybe?

Appreciate the help guys...

Thanks....

#2
[eluser]xwero[/eluser]
Hiding is never a good security solution. If you have to pass variables, they are always going to be semi-public, as they are going to be stored somewhere: a cookie, a session file on the server, the post global. Also, if you send the variables over an HTTP connection, people could grab them.

The safest way is to use an HTTPS connection and encrypt the variables.

#3
[eluser]Evil Wizard[/eluser]
Send it in the form action and use a redirect after it's processed to prevent reposts.

#4
[eluser]n0xie[/eluser]
If they're IDs, I assume they are integers?

If so, you could easily check if the IDs passed to the method are integers. If so, then your data is secure.

#5
[eluser]Michael Wales[/eluser]
What exactly are you trying to secure here? If it's just an ID to content within the database - just check if that content exists and if not throw a 404.

If users are limited as to the content they can see (for instance, you can see id=1 and id=2 but I can only see id=2) you will just need to make a call to the database to confirm authorization. If they are not authorized, throw a 403. This is best accomplished using an extended Controller or a pre-controller hook.

#6
[eluser]iConTM[/eluser]
Can someone give an example of throwing a 404 with CI?

In the controller class I have something like this:

Code:
function article ($article_id)
{
  $article = $this->model->get_article($article_id);

  if (!$article)
  {
    //throw error 404
    return;
  }

}

#7
[eluser]pickupman[/eluser]
@iConTM looks like you got this answered already in your other thread.

#8
[eluser]coolgeek[/eluser]
[quote author="n0xie" date="1241713512"]If they're IDs, I assume they are integers?

If so, you could easily check if the IDs passed to the method are integers. If so, then your data is secure.[/quote]

Is adding zero to the segment sufficient for ensuring that it is an integer? i.e.

Code:
$var = $this->uri->segment(3) + 0;

or casting it to an int?

Code:
$var = (int)$this->uri->segment(3);

#9
[eluser]iConTM[/eluser]
[quote author="pickupman" date="1276461729"]@iConTM looks like you got this answered already in your other thread.[/quote]

@pickupman: Yes indeed. :)

The CI error 404 page can be simply accessed by the following method:

Code:
show_404();
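
An added example (not code from any poster in this thread, and not CodeIgniter's own) pulling together the replies above: strict integer validation of segments 3 and 4, then an existence check (404) and an authorization check against the logged-in user (403). It is plain PHP 7.1+ so it runs without the framework; `parse_id`, `status_for`, the `ARTICLES` data and the article/comment meaning of the two segments are assumptions, and in a CI controller the 404 branches would call `show_404()` and the 403 branch `show_error()` with a 403 status code.

```php
<?php
// Constructed sample data: article id => its comment ids and the user ids allowed to read it.
const ARTICLES = [
    1 => ['comments' => [7],    'readers' => [10]],
    2 => ['comments' => [8, 9], 'readers' => [10, 20]],
];

/**
 * Strictly parse a URI segment as a positive integer ID.
 * A bare (int) cast is not validation: (int)"12abc" is 12 and (int)"abc" is 0,
 * so malformed input would be coerced into some ID instead of being rejected.
 */
function parse_id($segment): ?int
{
    // Digits only, and short enough that the cast cannot overflow on any platform.
    if (!is_string($segment) || !ctype_digit($segment) || strlen($segment) > 9) {
        return null;
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null;
}

/**
 * Decide the HTTP status for a request whose segment 3 is an article ID and
 * segment 4 a comment ID. The user ID comes from the server-side session,
 * never from the URL, so changing the segments cannot change who is asking.
 */
function status_for(array $segments, int $sessionUserId): int
{
    $articleId = parse_id($segments[3] ?? null);
    $commentId = parse_id($segments[4] ?? null);
    if ($articleId === null || $commentId === null) {
        return 404; // malformed ID; in CI: show_404()
    }
    $article = ARTICLES[$articleId] ?? null;
    if ($article === null || !in_array($commentId, $article['comments'], true)) {
        return 404; // no such content; in CI: show_404()
    }
    if (!in_array($sessionUserId, $article['readers'], true)) {
        return 403; // content exists but this user may not see it; in CI: show_error('Forbidden', 403)
    }
    return 200;
}

// Constructed requests, all made by session user 20.
foreach ([['2', '9'], ['1', '7'], ['2', '7'], ['2abc', '9'], ['-1', '9'], ['', '']] as [$a, $c]) {
    printf("seg3=%-5s seg4=%-2s -> %d\n", var_export($a, true), $c, status_for([3 => $a, 4 => $c], 20));
}
```

The IDs stay visible in the URL; what protects the data is that every request is re-checked on the server against the session user.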

