shinkumesatsu1
|
| Posted: 09/11/2004, 11:00 PM |
|
Hello. I'm trying to make an Add Item page. Each item will be assigned to the user that created it. I tried placing a label to retrieve the username but the username is not added to the record when the form is submitted. So, I made a hidden field and a label so that the username can be added. My question is, is it possible to tamper with the hidden username entry? I tried replacing it after saving the file and viewing its source but it did not work.
Does that mean it is already secure?
Thanks
|
|
|
 |
fsibaja
Posts: 10
|
| Posted: 09/11/2004, 11:21 PM |
|
If you think that somebody can cheat you , then you can't trust in anything that they send you througth the POST or the GET (even if there is a "hidden" field). If you want to assure that the insert will be done with the user ID, take it from Session. Try using a custom insert and set the column user id with the UserID Session variable. .
_________________
Fernando Sibaja |
 |
|
|
