Access privileges based on user login
I have a simple but effective web app in production now and I need to tighten up the security.
It includes a simple "Results" and "Detail" page - the Results page lists a summary of records pertaining to that company, based on their login. Clicking a specific link takes the user to the detail page for that record.
The address bar at this point will show the querystring:
http://DOMAIN_NAME.com/DetailPage.asp?record=3
I need to prevent the user from accessing unauthorized records by altering the record number in the address bar.
I'm not using a Form in the Results page, so HTTP POST is not an option.
Basically I need to implement some sort of security profiles for each customer, so that they can't see other companies' records. I'm hoping there is a Dreamweaver Extension out there that can help me do some or part of this.
Thanks
Comments
Security using Sessions, not URL
If the simple Username created is not enough, create an additional session from a table value so you can then filter your recordset without passing the URL value, and thus people will not be able to change the ID, as they will not know what the filter is.
I have a free tutorial on both setting up the Dreamweaver login behaviour and creating additional sessions from it.
Have a look at
http://www.cgw3.co.uk/tutorials/list.asp?CategoryID=3
ps
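A sketch of DetailPage.asp with the session-based filter the comment describes, added here as an example and not code from either poster. The record number still arrives in the URL, but the query also requires the company ID held in the session, so changing the number only ever reaches that company's own rows. `Session("CompanyID")`, `Application("ConnString")`, `Login.asp` and the `Records` table with its `RecordID`, `CompanyID` and `Title` columns are assumed names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

Dim companyId, rawId, recordId, re, conn, cmd, rs

' Assumed: the login page stored the user's company ID in the session,
' read from the users table on the server, never from the browser.
If IsEmpty(Session("CompanyID")) Then
    Response.Redirect "Login.asp"   ' hypothetical login page
End If
companyId = CLng(Session("CompanyID"))

' Accept only a plain positive integer for ?record=
rawId = Request.QueryString("record")
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
recordId = CLng(rawId)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed: connection string kept in Application scope

' Parameterized query: the row must match BOTH the requested ID and the session's company.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT RecordID, Title FROM Records WHERE RecordID = ? AND CompanyID = ?"
cmd.Parameters.Append cmd.CreateParameter("rec", adInteger, adParamInput, , recordId)
cmd.Parameters.Append cmd.CreateParameter("co", adInteger, adParamInput, , companyId)
Set rs = cmd.Execute

If rs.EOF Then
    ' Same answer whether the record is missing or belongs to another company
    Response.Status = "404 Not Found"
    Response.Write "Record not found."
Else
    Response.Write Server.HTMLEncode(rs("Title") & "")
End If
rs.Close : conn.Close
%>
```

The Results page should build its list with the same `CompanyID = ?` filter, so the links it shows and the check on the detail page agree.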