-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thorsten,

[EMAIL PROTECTED] wrote:
> However, what happens if a user logs in, but then submits an arbitrary
> id - this would enable him to see orders from other users! How can such
> security lacks be avoided best?

I'm assuming that you are storing all of this in a relational database.

The best thing is to have orders linked back to the users who "own" them.
Something like this:

    user
    ----
    id

    order
    -----
    id
    owner_id (FK to user.id)

Now, whenever you look up an order for a user, make sure that you compare
the owner_id to the user's authenticated user id. If they don't match, you
can throw an access error. Better yet, just tell the user that the
requested order doesn't exist.

You can write simple SQL to do this, assuming you only want to prohibit
access (not log suspicious attempts to access data):

    SELECT (whatever) FROM order WHERE id=? AND owner_id=?

If the owner doesn't match the order, you won't get any records back, and
you can tell the user that no such order exists.

-chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFnQkS9CaO5/Lv0PARAuBtAKC9mMj+5N+h6cPxd+tPvRJsIV6bNQCeJAnN
CBUe80k6COn7RrNkXG1pPHM=
=Pco4
-----END PGP SIGNATURE-----
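The pattern Chris describes, worked through end to end as an added example (this is not code from the thread): an in-memory SQLite database with the user/order schema from the reply, the lookup that trusts the submitted id beside the lookup that folds the ownership check into the WHERE clause, and a view function that reports "no such order" identically whether the order belongs to someone else or does not exist at all. The table/column names follow the reply; the sample rows, the `total` column and the function names are constructed for this example. Since `order` is a reserved word in SQL, the table name is quoted here.

```python
import sqlite3


def build_db():
    """Constructed sample data (not from the original post): two users, one order each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    # "order" is quoted because it is a reserved word; the schema mirrors the reply.
    conn.execute(
        'CREATE TABLE "order" ('
        "  id INTEGER PRIMARY KEY,"
        "  owner_id INTEGER NOT NULL REFERENCES user(id),"
        "  total REAL NOT NULL)"
    )
    conn.executemany("INSERT INTO user VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany(
        'INSERT INTO "order" VALUES (?, ?, ?)',
        [(100, 1, 19.99), (200, 2, 250.00)],
    )
    conn.commit()
    return conn


def get_order_unchecked(conn, order_id):
    """The weak lookup: any authenticated user who submits an id gets that order back.

    Parameterised against injection, but with no ownership check at all.
    """
    return conn.execute(
        'SELECT id, owner_id, total FROM "order" WHERE id = ?', (order_id,)
    ).fetchone()


def get_order_for_user(conn, order_id, authenticated_user_id):
    """The hardened lookup from the reply: ownership is part of the query itself.

    `authenticated_user_id` must come from the server-side session, never from
    the request. A None result means "no such order for this user"; the caller
    cannot tell (and should not reveal) whether the id exists under another owner.
    """
    return conn.execute(
        'SELECT id, owner_id, total FROM "order" WHERE id = ? AND owner_id = ?',
        (order_id, authenticated_user_id),
    ).fetchone()


def order_view(conn, order_id, authenticated_user_id):
    """Request handler stand-in: same response for 'not yours' and 'does not exist'."""
    row = get_order_for_user(conn, order_id, authenticated_user_id)
    if row is None:
        return {"status": 404, "body": "No such order"}
    order_id, owner_id, total = row
    return {"status": 200, "body": {"id": order_id, "total": total}}


if __name__ == "__main__":
    db = build_db()
    # alice (user 1) asks for bob's order 200
    print("unchecked:", get_order_unchecked(db, 200))      # bob's order leaks
    print("checked:  ", get_order_for_user(db, 200, 1))    # None
    print("view:     ", order_view(db, 200, 1))            # 404, No such order
    print("own order:", order_view(db, 100, 1))            # 200, alice's order
```

Running the script shows the contrast the reply draws: the unchecked query hands user 1 an order owned by user 2, while the query with `AND owner_id = ?` returns nothing, and the handler answers with the same 404 it would give for an id that never existed, so a caller cannot enumerate which ids belong to other users.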