Thanks to all for your replies. The encrypt is just what i was looking for.
D- >encrypt on the way up and decrypt it when you use it on your form page to >pull back the record's data > >Bryan Stevenson B.Comm. >VP & Director of E-Commerce Development >Electric Edge Systems Group Inc. >t. 250.920.8830 >e. [EMAIL PROTECTED] > >--------------------------------------------------------- >Macromedia Associate Partner >www.macromedia.com >--------------------------------------------------------- >Vancouver Island ColdFusion Users Group >Founder & Director >www.cfug-vancouverisland.com >----- Original Message ----- >From: <[EMAIL PROTECTED]> >To: "CF-Talk" <[EMAIL PROTECTED]> >Sent: Friday, September 12, 2003 2:52 PM >Subject: ?id=23 > > >> All, >> >> I have an application that passes an id value through a hyperlink that >> the user clicks on in an e-mail. The id feeds the page and extracts >information and populates the form fields with the user's information. >> >> THE PROBLEM: >> If a user is viewing their customized information with their user id=23, >than what would prevent them from view other people's information by editing >the id value to say, id=24? >> >> SOLUTIONS: ??? >> 1) Should I scramble the value in some long string and extract a value >from it? For example for id=23 replace it with id=ei38skdh23skdu83 and pull >23 out of the string? >> 2) Set a cookie that contains the same id value and if the values don't >match kick them out to some other page? >> >> Any suggestions would be great. >> >> D- >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Get the mailserver that powers this list at http://www.coolfusion.com
