Home/ Questions/Q 6036691
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T05:57:43+00:00

I’m writing a web app in PHP (using Codeigniter). I’m just wanting some security

  • 0

I’m writing a web app in PHP (using Codeigniter). I’m just wanting some security advice here. I have a task controller with a delete method. The link to delete the task is then http://localhost/task/delete/12345

So I’m wondering how to handle the fact that people have the ability to modify the link, thus deleting another task (probably not their own).

So my options I guess are to always do a check that the user owns that particular task before deleting it, or some sort of ID hashing?

Does anyone have any suggestions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So my options I guess are to always do a check that the user owns that particular task before deleting it

    that is the usual, and best, approach, yes. Hashing the ID is too insecure for many use cases: The link containing the hash is stored in the browser’s history, might get E-Mailed around, be present in REFERER headers for outgoing links….

    Either check ownership, or use a full-blown Access Control List, depending on how complex the permissions are.

    • 0