Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

Primary Keys More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

interesting (Score:1)

by gav (2710) on 2003.04.29 14:13 (#19581) Homepage Journal

How do you work around that? For example, if you were showing a list of things to a user and wanted them to select something, I'd have internal IDs visible. They'd see:
/script/select?id=1
I'm not quite sure what the problem is, they could always edit the url to change the ID but there should be no chance that they can work around permissions this way.

Reply to This
- Re:interesting (Score:3, Interesting)
  
  by Ovid (2709)
  
  Sorry, I was unclear. The id is typically in the URL or in a hidden field and that's fine, but it shouldn't be showing up in a table. It's not information that the user needs or can do anything with, but it can be tiring telling the user that it really doesn't mean anything and "no, you can't change it".
  - Re:interesting (Score:2, Informative)
    
    by gav (2710)
    
    That makes more sense now :)
    I worked on a system where the client was paranoid that people were able to see database IDs in hidden fields and change them. I wrote an extra layer that used 8 character random strings as IDs and it was a huge PITA.

Get More Comments

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.