sprateek Posted February 1, 2011 Share Posted February 1, 2011 Hello All, I have created a web application. Unfortunately at development time I forgot to encrypt my query parameter. So generally my apply URL shown like : http://mysite.com/myprofile.php?userId=2 So here any user can guess some other Ids because User Ids are not encrypted in URL. Is there any simple way to do it. I have more than 100 php pages and implementing ecry/decry logic on each page is time consuming So is there any way around? Regards, Prateek Quote Link to comment Share on other sites More sharing options...
AbraCadaver Posted February 1, 2011 Share Posted February 1, 2011 Whay does it matter? What can they do with userId? I'm sure you have some authentication/authorization system in place to limit who can see/do what. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.