On Mon, Nov 1, 2010 at 11:30 PM, Jeremy Thomerson <[email protected]> wrote:
> And, of course, it opens you up to doing more security checks.... i.e., you
> have editUserProfile.html?userID=123 - now you have to check that the signed
> in person is allowed to edit whatever user they are trying to edit (since
> they can twiddle the URL).

That's one more reason why I use UUIDs for my object ids. They're harder to spoof.
