passing values in segment
#1

ptvw2011
Hello

I am building an application which incorporates CRUD. To delete a document, I will pass the docID in the URL, so: myapp.com/controller/docID.

I realise that this is very insecure, so I test docID against the session userID in the database and return false if it's invalid and redirect the user, so people can't just adjust the ID and start deleting random documents.

My question is: 'is this ample security for a publicly accessible system?'

If not, what other methods could I use?

Sorry for my poor English, I am not a native speaker :)

Thanks
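The ownership check described in the post, as an added example that is not part of the original post: the delete is scoped to the session user in the same SQL statement, and the URL segment is validated before use. It is written in Python with an in-memory SQLite database; the `documents` table, its columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents ("
        "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, title TEXT)"
    )
    db.executemany(
        "INSERT INTO documents (id, user_id, title) VALUES (?, ?, ?)",
        [(1, 10, "alice-notes"), (2, 10, "alice-draft"), (3, 20, "bob-report")],
    )
    db.commit()
    return db


def delete_document(db, session_user_id, doc_id_segment):
    """Delete a document only if it belongs to the logged-in user.

    session_user_id comes from the server-side session, never from the URL.
    doc_id_segment is the raw URL segment and is treated as untrusted input.
    Returns True if exactly one row was deleted, False otherwise.
    """
    if session_user_id is None:  # not logged in
        return False
    # Accept only a short run of ASCII digits; anything else is rejected
    # before it reaches the database.
    seg = doc_id_segment
    if not (isinstance(seg, str) and seg.isascii() and seg.isdigit()
            and len(seg) <= 18):
        return False
    # The ownership test is part of the DELETE itself, so there is no gap
    # between "check" and "delete", and the values are bound parameters.
    cur = db.execute(
        "DELETE FROM documents WHERE id = ? AND user_id = ?",
        (int(seg), session_user_id),
    )
    db.commit()
    # A missing document and someone else's document give the same result,
    # so the response does not reveal which IDs exist.
    return cur.rowcount == 1


def remaining_ids(db):
    """Return the IDs still present, for checking the outcome."""
    return [row[0] for row in db.execute("SELECT id FROM documents ORDER BY id")]
```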



