url tweaking
#1

[eluser]Unknown[/eluser]
I am developing an application that allows users to view certain records according to their subscriptions and permissions ....

How can I easily prevent users from tweaking a URL and viewing records that they are not subscribed to?

Using CodeIgniter, a record can be accessed using ...

http://mysite/mycontroller/myfunction/1000

How to prevent http://mysite/mycontroller/myfunction/1001 from being viewed?

regards,

Steven M
#2

[eluser]CroNiX[/eluser]
Make sure the current logged-in user's permissions allow them to view it?

You mention they "view certain records according to their subscriptions and permissions", so it sounds like you have some sort of mechanism for only showing users things they should be allowed to see while hiding it from others. You just need to do the other half and wherever /mycontroller/myfunction is, make sure the user requesting the page/data has permission to do so.

So
1) Only show the links to the content the user has permission for
2) Only show the content to users who have permission to do so

It sounds like you are only doing #1.
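The server-side half of that advice (point 2), as an added example that is not part of the original thread or of CodeIgniter itself. It assumes a hypothetical schema of `records(id, subscription_id, title, body)` and `user_subscriptions(user_id, subscription_id)`, a `user_id` session key set at login, and a view named `record_view`.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Mycontroller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');
    }

    // Handles /mycontroller/myfunction/<id>
    public function myfunction($id = NULL)
    {
        // Identity comes from the server-side session, never from the URL.
        // 'user_id' is an assumed session key written by the login code.
        $user_id = $this->session->userdata('user_id');
        if (empty($user_id)) {
            show_error('Please sign in.', 401);
        }

        // Reject anything that is not a plain positive integer segment.
        if ($id === NULL || !ctype_digit((string) $id)) {
            show_404();
        }

        // Fetch the record only if this user holds the subscription it
        // belongs to. Table and column names are hypothetical.
        $record = $this->db
            ->select('r.id, r.title, r.body')
            ->from('records r')
            ->join('user_subscriptions us', 'us.subscription_id = r.subscription_id')
            ->where('r.id', (int) $id)
            ->where('us.user_id', (int) $user_id)
            ->limit(1)
            ->get()
            ->row();

        // Same 404 for "does not exist" and "not yours", so changing the
        // number in the URL does not reveal which ids are in use.
        if (empty($record)) {
            show_404();
        }

        $this->load->view('record_view', array('record' => $record));
    }
}
```

Because the permission test is part of the query itself, the record is never loaded for a user who is not subscribed to it, whether or not a link to it was shown.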



