Protect it?!? Only clever people need see this.

16 Oct 2001 18:16:21 Phil Cue posted:
Hi, hope you can urgently help.

After logging in, I have a welcome page for those logged-in customers. However, this welcome page allows anyone to change the tail end of the URL:
welcome_ie.asp?id=4

to see another customer's record simply by changing _ie.asp?id=4 to _ie.asp?id=14, for example. How would I prevent this? Using your excellent behaviours? I use UD1.

Thanks.

Replies

16 Oct 2001 18:30:36 Owen Eastwick replied:
On your login page you have set the Form method to GET, which passes the parameters as a QueryString which is then tacked on to the end of the URL parameter as you can see in welcome_ie.asp?id=4.

Change the Form method to POST. Then use Request.Form("textFieldName") to pick up the parameter on the welcome page.

Should do it.

Regards

Owen.

Multiple Parameter UD4 / Access 2000 Database Search Tutorial:
www.tdsf.co.uk/tdsfdemo
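
An added example, not part of either post: an id sent by the browser is client-controlled whether it arrives in the query string or in a POST body, so this version of the welcome page looks the record up with the customer id that the login page stored in the server-side session. The names Session("CustomerID"), Application("ConnString"), login.asp and the Customers table are assumptions, not taken from the thread.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumed names (not from the thread): the login page stores the
' authenticated customer's key in Session("CustomerID"), the connection
' string is in Application("ConnString"), and the table is
' Customers(CustomerID, CustomerName).
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

Dim sessionId, requestedId, conn, cmd, rs

' 1. No authenticated session: send the visitor back to the login page.
sessionId = Session("CustomerID")
If IsEmpty(sessionId) Or Not IsNumeric(sessionId) Then
    Response.Redirect "login.asp"
End If
sessionId = CLng(sessionId)

' 2. An id supplied by the browser is never used for the lookup.
'    Request("id") searches QueryString, Form and the other request
'    collections; if a value arrives and differs from the session's
'    id, refuse the request.
requestedId = Request("id")
If Len(requestedId) > 0 Then
    If CStr(requestedId) <> CStr(sessionId) Then
        Response.Status = "403 Forbidden"
        Response.Write "Not authorised."
        Response.End
    End If
End If

' 3. Fetch the record using the session's id as a bound parameter.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT CustomerName FROM Customers WHERE CustomerID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , sessionId)
Set rs = cmd.Execute
If Not rs.EOF Then
    Response.Write "Welcome, " & Server.HTMLEncode(rs("CustomerName").Value & "")
End If
rs.Close
conn.Close
%>
```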
18 Oct 2001 15:46:32 Phil Cue replied:
DOH! Of course...cheers..

