Oh and just to elemenate confusion Im trying to come up with a SAFE method..not a save method.
----- Original Message -----
Sent: Tuesday, August 12, 2003 10:48 AM
Subject: Re: [KCFusion] security question

Im sorry I was in a hurry and should have explained this better. For the first time I am faced with allowing users to delete info from a database. I am trying to come up with a save method for doing that. In other words I don't want people to just type random numbers in a query string and start erasing stuff. Most of the measures I have come up with so far are easily defeated. I had considered putting the primary key of the tuple to be deleted in a hidden form field but if you can alter the info sent in a post request (and I think I read somewhere that you could) then that measure is kinda lame too. the best I've got so far is that the user can only delete those tuples that are related to their login.
----- Original Message -----
Sent: Tuesday, August 12, 2003 11:33 AM
Subject: RE: [KCFusion] security question

I don't know of a way to say make IE send different request headers, but if you're trying to test something, wouldn't cfpost work?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Adaryl Wakefield
Sent: Monday, August 11, 2003 1:44 PM
Subject: [KCFusion] security question

Is is possible to alter the information that is sent in the headers of a POST request?

Reply via email to