Bryan,
Depends if you validate access at the row or column level in your database.
If you do, then a User playing with a URL will still not see anything they
shouldn't.  If you don't, then someone who wants to can still break the
encryption and troll your data.

Andy

  and it's not that little....take this example

  a page displays user-specific medical record data and takes a URL param containing user_ID

  don't encrypt user_ID in URL
    -any shmuck can alter the value of user_ID to see anyone's data

  do encrypt user_ID in URL
    -same shmuck would not be able to make such a change as the user_ID would not decrypt properly and the query would fail
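The row-level validation discussed in this thread, as an added example that is not part of the original messages: the query is scoped to the authenticated session user, so an altered user_ID in the URL returns no rows whether or not the parameter is encrypted. The table names, the `care_team` relationship and the function names are hypothetical, and the records are constructed sample data.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE medical_records (user_id INTEGER, note TEXT)")
    # Hypothetical relationship table: which clinician may read which patient.
    db.execute("CREATE TABLE care_team (clinician_id INTEGER, patient_id INTEGER)")
    db.executemany(
        "INSERT INTO medical_records VALUES (?, ?)",
        [(1, "constructed record A"), (2, "constructed record B")],
    )
    db.execute("INSERT INTO care_team VALUES (?, ?)", (10, 2))
    return db


def records_unchecked(db, url_user_id):
    """'Before' form: trusts the URL parameter, so any supplied value is honoured."""
    return db.execute(
        "SELECT note FROM medical_records WHERE user_id = ?", (int(url_user_id),)
    ).fetchall()


def records_checked(db, session_user_id, url_user_id):
    """Row-level check: a row comes back only if the session user owns it
    or is on the owner's care team. The URL value selects, it never authorizes."""
    try:
        target = int(url_user_id)
    except (TypeError, ValueError):
        return []  # malformed parameter: nothing to show
    return db.execute(
        """SELECT r.note FROM medical_records r
            WHERE r.user_id = :target
              AND (r.user_id = :me
                   OR EXISTS (SELECT 1 FROM care_team c
                               WHERE c.clinician_id = :me
                                 AND c.patient_id = r.user_id))""",
        {"target": target, "me": session_user_id},
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unchecked, URL says 2:", records_unchecked(db, "2"))
    print("checked, session 1, URL says 2:", records_checked(db, 1, "2"))
    print("checked, session 1, URL says 1:", records_checked(db, 1, "1"))
    print("checked, clinician 10, URL says 2:", records_checked(db, 10, "2"))
```

`session_user_id` must come from the server-side session, never from the request itself.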