On Wed, Nov 17, 2010 at 8:21 AM, Nicholas Kell <n...@monkeyknight.com> wrote: > > > On Nov 17, 2010, at 6:51 AM, Don Wieland <d...@dwdataconcepts.com> wrote: > >> Hello all, >> >> I have recently built a site using PHP. I was a little loose with GET and >> POST methods because I was using it for personal/private use. Now I am >> thinking of going public and allow different companies to use the site. I >> want to secure and hide as much data as possible to guard against user abuse. >> >> I have several instances where I use the GET method to pass IDS. I can use a >> POST but even that is visible in the source. How does one allow for >> processing but never really let the user see that actual ID? Do I use a HASH >> for IDs? Do I need to get more familiar with SESSION VARS. >> >> I am doing some experimenting. Any words of wisdom or resources would be >> helpful. Thanks! >> >> Don Wieland >> D W D a t a C o n c e p t s >> ~~~~~~~~~~~~~~~~~~~~~~~~~ >> d...@dwdataconcepts.com >> Direct Line - (949) 336-4828 >> >> Integrated data solutions to fit your business needs. >> >> Need assistance in dialing in your FileMaker solution? Check out our >> Developer Support Plan at: >> http://www.dwdataconcepts.com/DevSup.html >> >> Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro 9 or >> higher >> http://www.appointment10.com >> >> For a quick overview - >> http://www.appointment10.com/Appt10_Promo/Overview.html >> > > A hash is useful, but I think you are on the right track with session vars. > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
I use both. Hashes to id the record, and session vars to hold the user permission sets. -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
