How do I protect the URL from a user changing one of the param/value pairs?

Thanks.

+6  A: 

You can't.

You need to validate them. You should make sure your page accepts only valid input for each of the parameters. "Valid" may mean many things, like "Does the user have access to view this" and so on.

Noon Silk
Yes, you can. See my answer.
SLaks
No, you can't. You can only detect it. Anyone can mess with the address bar. And if you hide that, anyone can intercept and mess with it in the browser's developer tools, or by using a proxy.
John Gardner
@Slacks: You display a disappointing lack of understanding of your solution if you think that it means "you can". You strictly can't (otherwise, you don't have a webserver). Your approach is validation, like I said above.
Noon Silk
+1  A: 

You can't. It's by definition an external interface. If your system's security depends on this, you should re-think how it's done.

Bruno
+2  A: 

You could encrypt them or hash them and persist the real value cross request.

Jeroen
+3  A: 

You can add an HMAC hash of the querystring using a secure random key stored only on the server, then verify the hash on every request.

SLaks
That doesn't prevent anyone from changing anything. It only allows you to *detect* that someone changed something.
John Gardner
@John: After detecting it, you can stop immediately and return a blank page. If the user can't get any good out of changing it, I would consider that as being unable to change it.
SLaks
Yes, but the question was how to stop a user from doing something. You can detect it, you can recover from it, but there's no way to *prevent* it.
John Gardner
@John that's bad wording on my part.
subt13
@subt13 Glad to hear that, since the only way to actually stop them doing so entirely would be to either mess up their machine or break their fingers ;)
Jon Hanna
It's important to understand that the very fact you even *have* this solution available means you *can't*. It's an important principle to understand that any input data can be changed, and thus you need to implement a strategy to protect against it (such as, as you suggest, an HMAC). But in doing something like this, you need to be very careful not to do it wrong. (This is not trivial).
Noon Silk
Good solution to a problem which can't be stopped... Validation is the way forward in this respect, as even by using POST you could change the vars being sent to the server. Another approach would be to store vars in the session, and then only your code can easily change the values.
JD
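
The HMAC approach from the last answer, as an added example that is not code from any poster on this page. The function names, the `sig` parameter name and the sorted-pair canonical form are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode

# Assumption: the key is random and stored only on the server. It is
# generated at import time here purely so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)
SIG_PARAM = "sig"  # hypothetical name for the signature parameter


def _mac(pairs, key):
    # Canonical form: sorted, URL-encoded pairs. Reordering parameters
    # keeps the tag valid; changing any name or value does not.
    canonical = urlencode(sorted(pairs)).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_query(params, key=SERVER_KEY):
    """Return a query string with an HMAC-SHA256 tag appended."""
    pairs = [(str(k), str(v)) for k, v in params.items()]
    return urlencode(pairs + [(SIG_PARAM, _mac(pairs, key))])


def verify_query(query, key=SERVER_KEY):
    """Return the parameters as a dict if the tag is valid, else None."""
    pairs = parse_qsl(query, keep_blank_values=True)
    tags = [v for k, v in pairs if k == SIG_PARAM]
    data = [(k, v) for k, v in pairs if k != SIG_PARAM]
    # Reject a missing or repeated tag, and repeated parameter names,
    # so the handler never reads a value the tag did not cover.
    if len(tags) != 1 or len({k for k, _ in data}) != len(data):
        return None
    expected = _mac(data, key)
    # Constant-time comparison on bytes (str input must be ASCII-only).
    if not hmac.compare_digest(tags[0].encode("utf-8"), expected.encode("utf-8")):
        return None
    return dict(data)


if __name__ == "__main__":
    query = sign_query({"id": 42, "view": "summary"})  # constructed sample
    print(verify_query(query))                               # accepted
    print(verify_query(query.replace("id=42", "id=43")))     # None: tampered
```

A valid tag only shows that the server issued these exact values; the per-user access check from the first answer still has to run, since a signed URL can be passed from one user to another.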