URI question

#1
[eluser]gamshid[/eluser]
Hello guys,

I want to ask a question.

If I have a URI like this: ...../index.php/articles/view/2

and I want to prevent any user from changing the id # above to 1, or maybe to a number that does not exist in the database, and revealing something undesired.

What should I do?

Thank you so much.

#2
[eluser]clip[/eluser]
The only thing I can think of at the moment is using $_SERVER['HTTP_REFERER'], but keep in mind this can't really be used for overall security. You can read more about it here. You could possibly do something with flashdata and the session class. I guess you could possibly set a flashdata property and make sure that property is present on the next page load before fetching from your database.

#3
[eluser]bigtony[/eluser]
You can't prevent someone from typing whatever value they want into the address bar. So what you need to do is always validate that the value that is sent is valid for the context (e.g. that it exists on the database, or that they are logged in and allowed to see that value).

Never trust user input!

#4
[eluser]gamshid[/eluser]
@clip: thank you so much, your post was very helpful.

@bigtony: do you mean that I should take the URI and first check the variables in it, and if they don't exist, redirect him to some kind of error page?

#5
[eluser]bigtony[/eluser]
[quote author="gamshid" date="1257262738"]@bigtony: do you mean that I should take the URI and first check the variables in it, and if they don't exist, redirect him to some kind of error page?[/quote]
Yes! Always check all user input (uri, post data, etc.) BEFORE you do any actual processing. Assume it will be bad unless it proves itself to be valid. Only when you know it is valid should you do your main work.
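
The validate-before-processing rule from posts #3 and #5, as an added example that is not part of the original thread: plain PHP that checks the id segment's syntax, then existence, then permission, before any article is returned. The function name `resolve_article`, the article fields and the sample rows are assumptions made up for illustration; in a CodeIgniter controller the segment arrives as the argument to the `view` method and the 404 branch would call `show_404()`.

```php
<?php
// Added example: validate a URI id segment, then check existence and permission.
// The article rows, field names and user ids below are constructed sample data.

const ARTICLES = [
    1 => ['title' => 'Draft notes', 'published' => false, 'owner_id' => 10],
    2 => ['title' => 'Hello world', 'published' => true,  'owner_id' => 10],
];

/**
 * Returns [http_status, article|null] for the raw third URI segment.
 * $userId is the logged-in user's id, or null for an anonymous visitor.
 */
function resolve_article(string $segment, ?int $userId): array
{
    // 1. Syntax: digits only, no sign, no leading zero, bounded length
    //    (rejects "2abc", "-1", "1e3", "02" and values that overflow int).
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $segment)) {
        return [404, null];
    }
    $id = (int) $segment;

    // 2. Existence: in a real application this is a parameterised query.
    $article = ARTICLES[$id] ?? null;
    if ($article === null) {
        return [404, null];
    }

    // 3. Authorisation: unpublished rows are visible to their owner only.
    //    Same 404 as "not found", so the response does not confirm the id exists.
    if (!$article['published'] && $article['owner_id'] !== $userId) {
        return [404, null];
    }
    return [200, $article];
}

// Constructed requests: [segment, logged-in user id]
$requests = [['2', null], ['1', null], ['1', 10], ['999', 10], ['2abc', 10], ['-1', 10]];
foreach ($requests as [$segment, $userId]) {
    [$status, $article] = resolve_article($segment, $userId);
    printf("%-5s user=%-4s -> %d %s\n", $segment, $userId ?? 'anon', $status, $article['title'] ?? '');
}
```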

#6
[eluser]saidai jagan[/eluser]
Otherwise you can use the encrypt/decrypt methods of CI.

