how to protect a user update from accessing other users ids

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • fran7
    New Member
    • Jul 2006
    • 229
    #1

    how to protect a user update from accessing other users ids

    Hi,
    I wonder if someone could point me to what it is I might need.

    I am attempting to give users the ability to update their records in an access database. The records have ids.

    What is to stop them from changing the id in the address bar and to view and update someone elses record from the control panel?

    I am entirely new to this and just see the potential problem. Ids are not too unique.

    Thanks
    Richard
    Tags: None
    • jhardman
      Recognized Expert Specialist
      • Jan 2007
      • 3405
      #2
      Originally posted by fran7
      Hi,
      I wonder if someone could point me to what it is I might need.

      I am attempting to give users the ability to update their records in an access database. The records have ids.

      What is to stop them from changing the id in the address bar and to view and update someone elses record from the control panel?

      I am entirely new to this and just see the potential problem. Ids are not too unique.

      Thanks
      Richard
      When someone first logs in, set a session variable that is their ID number: [code=asp]session("userID ") = ID[/code]Then when they go to update, check that the numbers match:[code=asp]if session("userID ") = objRS("ID") then
      'OK to update
      else
      response.write "Hey, this is the wrong record!"
      end if[/code]

        Comment

        • fran7
          New Member
          • Jul 2006
          • 229
          #3
          Thanks, Thats great.
          Richard

            Comment

            Previous template Next
            Working...