security - Application integrity & url tampering -


People on my site can ask questions and reply can be posted. The question is that to answer a question that is on the / question / title example, the form is submitted on 7/7 of the question ID, along with the example ID / question/post_answer/7.

An answer has been entered here to ensure verification. If not, then you get back to the original URL. Therefore, the post_ answer path is not actually 'seen' by the users but they can use it clearly.

Now I am thinking that if a user changes the ID of the question 8, then he can answer another question.

Since all users have achieved actually is not a security issue, answering another question. But I am thinking - in this scenario, how do you manipulate such kind of URL: accumulating question ID in session and if there is a change, is showing error?

Thoughts?

The session is a way to use another one message authentication code (MAC). Normally you store the code in a cookie or in a portion of URL (i.e. a GET parameter).


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -