Re: encrypt and decrypt

Richard Davey wrote:
Hello Merlin,

Wednesday, November 3, 2004, 2:50:48 PM, you wrote:

M> The system will send out emails to customers with a link where they can change
M> their details. To identify the record, the link has to carry the client id. But
M> if it is obvious that this is the id, manipulation of the id can lead to changing
M> any record they like. I don't want to get as far as passwords, in order to keep
M> it simple for the customer.

You could always not rely on the auto inc'd ID for this.

Have an ID column, sure, but you could also have a "LinkID" column (or
similar) which can hold a short random hash of characters. For example
the first 8 characters of an MD5. You send this to the user in their
emails, etc. Then a simple look-up in the DB to see what real ID
matches the Link ID would suffice and you can continue as normal.

Someone could still possibly guess a Link ID, but the longer it is,
the harder it'll be to guess successfully.

This is a technique I use currently and haven't encountered any
problems with it. I have a "UserID" which is the auto-inc MySQL value
for the user, and a "SiteUserID" which is a 32-char MD5 and that is
what I use everywhere on the site - in emails, links, view/profile
pages, etc.

Best regards,

Richard Davey

Thank you Richard. This is an excellent point.

Best regards,

Merlin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
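
The LinkID look-up described in the message above, as an added example that is not part of the original thread. It draws the token from `random_bytes()` instead of truncating an MD5, and the table name, column names, URL and sample rows are assumptions made for the illustration.

```php
<?php
// Added example: schema, URL and sample customers are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,  -- internal id, never sent out
    email   TEXT NOT NULL,
    link_id TEXT NOT NULL UNIQUE                -- random token used in links
)');

// 16 bytes from the OS CSPRNG -> 32 hex chars (128 bits), the length of an MD5.
function newLinkId(): string
{
    return bin2hex(random_bytes(16));
}

// Create the record and return the token that goes into the e-mailed link.
function addCustomer(PDO $db, string $email): string
{
    $linkId = newLinkId();
    $stmt = $db->prepare('INSERT INTO customers (email, link_id) VALUES (?, ?)');
    $stmt->execute([$email, $linkId]);
    return $linkId;
}

// Resolve the token from the URL to the real row id; null if malformed or unknown.
function customerIdForLink(PDO $db, string $linkId): ?int
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $linkId)) {
        return null;                    // anything that is not token-shaped is rejected
    }
    $stmt = $db->prepare('SELECT id FROM customers WHERE link_id = ?');
    $stmt->execute([$linkId]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$alice = addCustomer($db, 'alice@example.com');
$bob   = addCustomer($db, 'bob@example.com');

echo "https://shop.example/details.php?link=$alice\n";
var_dump(customerIdForLink($db, $alice));               // the e-mailed token resolves
var_dump(customerIdForLink($db, '2'));                  // a guessed sequential id does not
var_dump(customerIdForLink($db, str_repeat('0', 32)));  // well-formed but unknown token
```

The `UNIQUE` constraint on `link_id` makes the database reject a duplicate token, and the auto-increment `id` stays usable for joins without ever appearing in a URL.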