So I have a page for editing posts. Let’s say the user goes to site.dev/post/edit/104 to get a form populated with all data for that post from the database.
I store the post id in a hidden field so it’s easier to access for some ajax components I have on the page.
Now, I can just open up FireBug and alter the post id in the hidden field no problem. What’s to stop a malicious user from making a simple script that just changes the post id and overwrites every post id in the database with whatever they filled out in that form?
Granted, the user does have to be authenticated to access the page, and I do validate on the server side to make sure the post ID and other fields are holding acceptable values, but as long as the post id is an integer, it will update them all. I suppose this is still an issue with it being passed by query strings in the URL, but then the page at least loads all the content.
I’m a little confused on this and I can’t really think of a more ‘secure’ alternative to this right now. Is there some way to prevent this?
I am building with Codeigniter if there are any suggestions related specifically to it.
In order to make your variables more secure you can use the CI’s Encryption Class. You just have to set an encryption key in your config file, load the library in your controller & encrypt the ID with the following code:
So, when you print the URL, instead of printing the id directly as an integer, print the encrypted_id. The user will have no idea what this means and, as long as they don’t have your key, they can’t decode the id 😀
When you receive the encoded id, you can decode it by using the decode() method of the encryption class.
For more information visit:
http://codeigniter.com/user_guide/libraries/encryption.html
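The following is an added example (not code from the question, the answer, or CodeIgniter itself) that ties the two posts together: it uses the CodeIgniter 2.x Encryption Class the answer recommends to put an encoded id in the hidden field, and it also performs the server-side ownership check the question is really asking for, because an encoded id only hides the value; it does not by itself prove that the logged-in user is allowed to edit that post (an encoded id copied from any other page would still decode fine). Assumed, not taken from the page: a `posts` table with columns `id`, `author_id`, `title`, `body`; the logged-in user's id stored in the session as `user_id`; `encryption_key` set in config; and the controller/model names `Post` and `Post_model`.

```php
<?php
// Added example, not from the original thread or the CodeIgniter project.
// In a real app these two classes live in application/controllers/post.php
// and application/models/post_model.php; they are shown together for reading.
// Assumed schema: posts(id, author_id, title, body). Assumed session key: user_id.

class Post extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('encrypt');   // CI 2.x Encryption Class (needs encryption_key)
        $this->load->library('session');
        $this->load->model('post_model');
    }

    // GET /post/edit/<id>: load the form only if the post belongs to the current user.
    public function edit($id)
    {
        $user_id = (int) $this->session->userdata('user_id');
        $post = $this->post_model->get_owned((int) $id, $user_id);
        if ($post === null) {
            show_404();   // same response for "does not exist" and "not yours"
            return;
        }
        $data = array(
            'post' => $post,
            // Value for the hidden field: encoded rather than a bare integer.
            // encode() base64s the ciphertext, so urlencode it if it goes in a URL.
            'hidden_id' => $this->encrypt->encode((string) $post->id),
        );
        $this->load->view('post_edit', $data);
    }

    // POST /post/update: decode the hidden field, then authorize before writing.
    public function update()
    {
        $user_id = (int) $this->session->userdata('user_id');
        $decoded = $this->encrypt->decode((string) $this->input->post('post_id'));
        // decode() yields FALSE or an empty string on tampered input; also insist on digits.
        if ($decoded === false || !ctype_digit((string) $decoded)) {
            show_error('Invalid post reference', 400);
            return;
        }
        $post_id = (int) $decoded;

        // Authorization: the post must exist AND belong to this user.
        // This is the check that stops a tampered or replayed id from touching
        // someone else's row, whether or not the id was encoded.
        if ($this->post_model->get_owned($post_id, $user_id) === null) {
            show_error('Not allowed', 403);
            return;
        }

        $fields = array(
            'title' => $this->input->post('title', TRUE),   // TRUE = xss_clean
            'body'  => $this->input->post('body', TRUE),
        );
        $this->post_model->update_owned($post_id, $user_id, $fields);
        redirect('post/edit/' . $post_id);
    }
}

class Post_model extends CI_Model
{
    // Returns the row only when it is owned by $user_id; null otherwise.
    public function get_owned($post_id, $user_id)
    {
        $q = $this->db->get_where('posts', array('id' => $post_id, 'author_id' => $user_id));
        return $q->num_rows() === 1 ? $q->row() : null;
    }

    // Ownership is repeated in the UPDATE's WHERE clause as defence in depth, so even
    // a caller that skipped get_owned() cannot update a row it does not own.
    public function update_owned($post_id, $user_id, array $fields)
    {
        $this->db->where('id', $post_id)
                 ->where('author_id', $user_id)
                 ->update('posts', $fields);
    }
}
```

The design point is that the ownership condition is evaluated on the server from the session, never from anything the form sends back. With that in place the hidden field can stay a plain integer or be encoded as the answer suggests; encoding only stops a user from guessing ids, while the `author_id` check is what stops them from using one.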