mysql - Is it bad practice, security-wise, if user could know the primary key id of items
I am populating a page with a list of items from the DB (let's say main.htm); each item has a link, and opening the link displays the content of the item.
I am using AJAX to open the items. For performance reasons, I have added a data attribute with the id of each item in main.htm. If main.htm has 15 items listed, each item will have a data-id, e.g. item 1 has data-id=1, item 2 has data-id=2,
and the data-id corresponds to the id column (primary key) in the database.
Is this bad practice, security-wise? If yes, why?
Or is it better practice to encrypt the numbers and, instead of the id, assign an encrypted id, such as xy4lf3k, which decrypts to 1000 in the DB?
This should not be an insecure way to go, as long as you keep in mind to:
- always escape & validate user inputs (remember, a $_GET param is user input too, not only $_POST);
- if the resource identified by the id is specific to a user, check if that user is the one accessing it.
Otherwise, no problems there.
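
The two checks from the answer above, as an added example that is not part of the original post: the `data-id` value is validated as an integer, bound as a query parameter, and the row's owner is compared with the logged-in user before anything is returned. The `items` table, its `owner_id` column and the `fetchItem()` function are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical.
// In-memory SQLite stands in for MySQL; the PDO calls are the same for both.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER, content TEXT)');
// Constructed sample rows: owner_id NULL means public, otherwise private to that user.
$pdo->exec("INSERT INTO items VALUES (1, NULL, '<b>public</b> item'), (2, 7, 'private to user 7')");

/** Returns [HTTP status, body] for a request carrying the data-id value. */
function fetchItem(PDO $pdo, $rawId, ?int $currentUserId): array
{
    // 1. Validate: the id arrives as a string and must be a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'invalid id'];
    }
    // 2. Bind the value as a parameter; never concatenate it into the SQL text.
    $stmt = $pdo->prepare('SELECT owner_id, content FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return [404, 'not found'];
    }
    // 3. Authorize: a private row is returned only to its owner. Answering 404
    //    instead of 403 avoids confirming which ids exist.
    if ($row['owner_id'] !== null && (int) $row['owner_id'] !== $currentUserId) {
        return [404, 'not found'];
    }
    // 4. Escape on output, since the content is inserted into the page.
    return [200, htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8')];
}

// Constructed requests: [raw id from the query string, logged-in user id or null].
$requests = [['1', null], ['2', 7], ['2', 8], ['2x', 7], ['999', 7]];
foreach ($requests as [$raw, $user]) {
    [$status, $body] = fetchItem($pdo, $raw, $user);
    printf("id=%s user=%s -> %d %s\n", $raw, $user ?? 'anon', $status, $body);
}
```

With the ownership check done on the server, changing `data-id` in the browser only reaches rows the current user was already allowed to read.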