When I look back at the code I wrote earlier, I found something terribly bad.
Whenever I want to delete a record in the database, I do it like this:
$.post("deleteAction.do",{recordId:10});
I cannot prevent a malicious user from visiting my database operation URL directly:
deleteAction.do?recordId=10
What’s the solution for this kind of problem?
It really depends on your data and the checks you do on the server side. For example, if you check whether the user is allowed to perform the delete action on that record, it isn’t such a big problem. If you don’t, it means the user can delete the data of other users too. My suggestion would be:
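The server-side check the answer is pointing at, written out as an added example that is not code from either poster. It assumes nothing about the framework behind deleteAction.do: `request` and the store are plain stand-in objects, `request.session.userId` is assumed to be set by the server's session layer from a verified login (never read from request parameters), and the records are constructed sample data.

```javascript
// Added example (not from the original thread): a delete handler that only
// removes a record when the authenticated caller owns it.

// Constructed sample data: two users, each owning one record.
// A fresh store is built per call so the walkthrough is repeatable.
function makeStore() {
  return {
    records: new Map([
      [10, { id: 10, ownerId: "alice", title: "Alice's note" }],
      [11, { id: 11, ownerId: "bob", title: "Bob's note" }],
    ]),
  };
}

// Simulated server side of deleteAction.do. `request.session.userId` is
// assumed to come from the server's own session handling.
function deleteAction(request, store) {
  // Destructive actions are accepted on POST only (matching the $.post call);
  // a plain link or image tag can otherwise trigger the delete via GET.
  if (request.method !== "POST") {
    return { status: 405, body: "method not allowed" };
  }
  const userId = request.session && request.session.userId;
  if (!userId) {
    return { status: 401, body: "login required" };
  }
  const recordId = Number(request.params.recordId);
  if (!Number.isInteger(recordId)) {
    return { status: 400, body: "invalid recordId" };
  }
  const record = store.records.get(recordId);
  // Ownership check: the record must exist AND belong to the caller.
  // The same 404 is returned for "missing" and "not yours" so the response
  // does not reveal which ids exist.
  if (!record || record.ownerId !== userId) {
    return { status: 404, body: "record not found" };
  }
  store.records.delete(recordId);
  return { status: 200, body: "deleted" };
}

// Builds a request in the shape deleteAction expects.
function makeRequest(method, userId, recordId) {
  return {
    method,
    session: userId ? { userId } : null,
    params: { recordId },
  };
}

// Walks through the cases the question worries about and returns the
// resulting status codes plus the final state of the two records.
function demo() {
  const store = makeStore();
  return [
    deleteAction(makeRequest("GET", "bob", 10), store).status,    // 405: URL opened directly
    deleteAction(makeRequest("POST", null, 10), store).status,    // 401: no session
    deleteAction(makeRequest("POST", "bob", 10), store).status,   // 404: bob does not own record 10
    deleteAction(makeRequest("POST", "bob", "x"), store).status,  // 400: malformed id
    deleteAction(makeRequest("POST", "alice", 10), store).status, // 200: owner deletes own record
    store.records.has(10),                                        // false: record 10 is gone
    store.records.has(11),                                        // true: bob's record untouched
  ];
}
```

Refusing GET only stops the casual "type the URL into the address bar" case the question describes; anyone can send a POST just as easily, which is why the ownership comparison against the session user is the check that actually matters, exactly as the answer says.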