[Catalyst] Encrypt /Decrypt URI
Harshal Shah
harshal.shah at gmail.com
Sat May 19 04:39:19 GMT 2007
> Ya, exactly. /item/3 isn't really the request -- it's <some hard to
> guess md5 session> plus /item/3. Does adding a *second* md5 hash do
> much more good?
>
well ..session id would authorize user to use the application . we
would need additional query to determine if "/item/3/view" is
accessible to user. something like "item.userid = $c->user->userid" in
your query would serve the purpose.
I was trying to avoid the query as far as possible by obfuscating
URLs ..if user goes through this check ..u need to have a similar
query to do actual authorization.
--
Harshal Shah
More information about the Catalyst
mailing list