I know I beat security like a dead horse, but....

If my app generates a menu specific to the user, i.e., a project list
that they belong to, then instead of creating a link to the
project.do?id=25, do you think it would be secure enough if I passed a
huge "certificate" instead that had an hour time limit on it?  The link
would instead be: 

project.do?id=AJEIKL46642K32343OIN4

(Where the project uid is hashed with a timestamp and their role as the
param)

I know some developers use it when they are securing sites that span
multiple servers, but for this, it would prevent redundant db access at
best.

Does anyone else use this method?

Jacob Hookom 
Comprehensive Computer Science 
University of Wisconsin, Eau Claire 
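The scheme asked about above, written out as an added example (not part of the original post and not code from any framework). It assumes a keyed HMAC with a server-side secret instead of a bare hash, since anyone who knows the input fields can recompute an unkeyed hash. The function names, the `|` field layout and the demo key are hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Assumption: constructed demo key; a real app loads a random secret from config.
SECRET_KEY = b"constructed-demo-key"
TOKEN_TTL = 3600  # the one-hour limit mentioned in the post


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, project_id, role, now=None):
    """Build the value for project.do?id=...: payload plus HMAC tag."""
    fields = [str(user), str(project_id), str(role)]
    if any("|" in f for f in fields):
        raise ValueError("fields must not contain the '|' separator")
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    payload = "|".join(fields + [str(expires)]).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def verify_token(token, session_user, now=None):
    """Return (project_id, role), or None if the token is malformed,
    tampered with, expired, or was issued to a different user."""
    now = time.time() if now is None else now
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = b64d(payload_part), b64d(tag_part)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    # The tag is valid, so the payload is exactly what issue_token produced.
    user, project_id, role, expires = payload.decode().split("|")
    if user != session_user or now >= int(expires):
        return None
    return int(project_id), role
```

A valid token stays valid until it expires, so a role or membership change made during that hour is not reflected unless the server still checks the database for sensitive actions.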


