Re: Passing information between pages
From: Chris Jackson (chrisj_at_mvps.org)
Date: 07/18/03
- Next message: raghu: "problem when i try to start a ASP.NET application"
- Previous message: Chris Jackson: "Re: ASP.Net Security and SQL Server access"
- In reply to: Tim Almond: "Passing information between pages"
- Next in thread: Geof Nieboer: "Re: Passing information between pages"
- Reply: Geof Nieboer: "Re: Passing information between pages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Jul 2003 16:27:09 -0400
Well, a querystring is about the easiest thing there is to hack on a web
page. I assume you have the user name stored somewhere - just write a
function that authorizes the user and the case together every time you open
up the Update Case form. The case can be passed in however you want (forms,
querystring, whatnot).
-- Chris Jackson Software Engineer Microsoft MVP - Windows XP Windows XP Associate Expert -- "Tim Almond" <anon@anon.co.uk> wrote in message news:OKr60HSTDHA.1588@TK2MSFTNGP11.phx.gbl... > I am currently building a site, and we have a number of users that can have > a particular priveledge, but each user has their own set of cases that they > can update (identified by case ID). > > When the user clicks on a case, it needs to pass this to an 'update case' > form. > > I want this to be secure, so that users can't spoof a message and update > someone else's case. In old ASP, I would pass it in the querystring and > revalidate the ID at the other end against their session ID. > > >
- Next message: raghu: "problem when i try to start a ASP.NET application"
- Previous message: Chris Jackson: "Re: ASP.Net Security and SQL Server access"
- In reply to: Tim Almond: "Passing information between pages"
- Next in thread: Geof Nieboer: "Re: Passing information between pages"
- Reply: Geof Nieboer: "Re: Passing information between pages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
