Question: How to make a URL secure with a secure id in the URL


I use the following url when I edit a post from the user:

../post/edit/3            //If the id of the post is 3 for example

To avoid that the user modifies the url intentionally, for example /post/edit/5, I use the following logic to make sure the user doesn't edit the post when he doesn't have permission:

if (/* user is allowed to edit post */) {
    // edit post
} else {
    throw new AccessDeniedException('You do not have the permission to edit this post');
}
Is this the general approach that you use when editing a post? Is there a way to do something cleaner so that the user cannot play with the id of the post in the url?


The more I think about it, the more I realize that I have never seen an id in a url like this in a website that is concerned with security. So, I agree we can still use the id and check if the user can show/see this id, but still the user can already do too much. Wouldn't it be better to hash the id, allowing us to generate a new encrypted ID using any available algorithm:

echo hash('md5', 'id_to_edit');

asked Sep 13, 2013 in Java Interview Questions by rajesh
edited Sep 12, 2013
0 votes
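
The two ideas in the question, side by side, as an added example that is not part of the original post: a server-side ownership check on the edit handler, with the post id carried in the URL either as an unkeyed `md5` token or as a keyed `hash_hmac` token. The function names, the key and the sample posts are all hypothetical and constructed for illustration.

```php
<?php
// Added example: every name and value here is constructed for illustration.
const TOKEN_KEY = 'constructed-demo-key'; // assumption: a server-side secret
$posts = [3 => 'alice', 5 => 'bob'];      // constructed: post id => owner

// Unkeyed token as in the question: anyone can compute it for any id.
function md5Token(int $id): string
{
    return hash('md5', (string) $id);
}

// Keyed token: cannot be computed without TOKEN_KEY.
function hmacToken(int $id): string
{
    return hash_hmac('sha256', (string) $id, TOKEN_KEY);
}

// Map a URL token back to a post id by comparing it with each known post's token.
function resolveToken(array $posts, string $token, callable $tokenFn): ?int
{
    foreach (array_keys($posts) as $id) {
        if (hash_equals($tokenFn($id), $token)) {
            return $id;
        }
    }
    return null;
}

// Edit handler: the stored owner decides, whatever the token in the URL looks like.
function editPost(array $posts, string $user, string $token, callable $tokenFn): string
{
    $id = resolveToken($posts, $token, $tokenFn);
    if ($id === null) {
        return '404 no such post';
    }
    if ($posts[$id] !== $user) {
        return '403 You do not have the permission to edit this post';
    }
    return "200 editing post $id";
}

// alice requests her own post through an md5 token.
echo editPost($posts, 'alice', md5Token(3), 'md5Token'), PHP_EOL;
// alice builds the md5 token for post 5 herself; it resolves, so the owner check is what decides.
echo editPost($posts, 'alice', md5Token(5), 'md5Token'), PHP_EOL;
// The same self-built token against a handler that expects keyed tokens, then a valid keyed token.
echo editPost($posts, 'alice', md5Token(5), 'hmacToken'), PHP_EOL;
echo editPost($posts, 'alice', hmacToken(3), 'hmacToken'), PHP_EOL;
```

The ownership comparison in `editPost` stays in place in both variants; the keyed token only stops other ids from being derived from the URL.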
