Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion pass variable through segments with security
pass variable through segments with security
  • El Forum
    Guest
  •  
#1
05-07-2009, 12:05 AM

[eluser]newbie boy[/eluser]
i need to pass two variables through segments which will be segment 3 and segment 4.

but i need security for this, for i will be passing the id's....

what is the best way to secure it...

hide maybe?

appreciate the help guys...

thanks....
  • El Forum
    Guest
  •  
#2
05-07-2009, 12:49 AM

[eluser]xwero[/eluser]
Hiding is never a good security solution. If you have to pass variables they always are going to be semi public as they are going to be stored somewhere; a cookie, a session file on the server, the post global. Also if you send the variables over an http connection people could grab it.

The safest way is to use a https connection and encrypt the variables.
  • El Forum
    Guest
  •  
#3
05-07-2009, 03:17 AM

[eluser]Evil Wizard[/eluser]
send it in the form action and use a redirect after it's processed to prevent reposts
  • El Forum
    Guest
  •  
#4
05-07-2009, 05:25 AM

[eluser]n0xie[/eluser]
If they're ID's I assume they are integers?

If so you could easily check if the id's passed to the method are integers. If so, then your data is secure.
  • El Forum
    Guest
  •  
#5
05-07-2009, 06:24 AM

[eluser]Michael Wales[/eluser]
What exactly are you trying to secure here? If it's just an ID to content within the database - just check if that content exists and if not throw a 404.

If users are limited as to the content they can see (for instance, you can see id=1 and id=2 but I can only see id=2) you will just need to make a call to the database to confirm authorization. If they are not authorized, throw a 403. This is best accomplished using an extended Controller or a pre-controller hook.
  • El Forum
    Guest
  •  
#6
06-13-2010, 08:50 AM

[eluser]iConTM[/eluser]
Can someone give an example of throwing a 404 with CI?

In the controller class I have something like this:

Code:
function article ($article_id)
{
  $article = $this->model->get_article($article_id);

  if (!$article)
  {
    //throw error 404
    return;
  }

}
  • El Forum
    Guest
  •  
#7
06-13-2010, 09:42 AM

[eluser]pickupman[/eluser]
@iConTM looks like you got this answered already in your other thread.
  • El Forum
    Guest
  •  
#8
06-14-2010, 06:01 PM

[eluser]coolgeek[/eluser]
[quote author="n0xie" date="1241713512"]If they're ID's I assume they are integers?

If so you could easily check if the id's passed to the method are integers. If so, then your data is secure.[/quote]

Is adding zero to the segment sufficient for ensuring that it is an integer? i.e.

Code:
$var = $this->uri->segment(3) + 0;

or casting it to an int?

Code:
$var = (int)$this->uri->segment(3);
  • El Forum
    Guest
  •  
#9
06-20-2010, 04:58 AM

[eluser]iConTM[/eluser]
[quote author="pickupman" date="1276461729"]@iConTM looks like you got this answered already in your other thread.[/quote]

@pickupman: Yes indeed. Smile

The CI error 404 page can be simply accessed by the following method:

Code:
show_404();




Theme © iAndrew 2016 - Forum software by © MyBB