mysql-php User Management system is through the Get pass ID past the deletion of the user, in case someone else randomly change the ID will not be wrong operation, how to prevent this problem??

Source: Internet
Author: User
Tags csrf attack
PHP User Management system is through the Get pass ID past the deletion of the user, in case someone else randomly change the ID will not be mistaken operation, how to prevent this problem?? Are there any other options besides post?

Reply content:

PHP User Management system is through the Get pass ID past the deletion of the user, in case someone else randomly change the ID will not be mistaken operation, how to prevent this problem?? Are there any other options besides post?

Really want to change, you post is not crest matter ah, simulate a post operation is completed! The key is still the permissions, before deleting verify that the current account has delete permissions.
If you are worried about deleting the problem, you can only add the Recycle Bin function and add a field to the table trash . The user is deleted trash true , and does not appear in the page, the administrator after review think can be deleted from the database deleted.

Before the delete operation, determine whether the administrator of the operation delete User has permission to delete this ID corresponding to the user.

Before the deletion, it is possible to delete the operation as a logical deletion, and the operation of the tombstone is reversible.

Add token validation.

That's right, first of all, to confirm the deletion before deleting the permission. Then the post will carry a token to prevent CSRF attack

1. Instead of deleting from the database, set a field so that it does not display
2. Use Tokenstirng+tid+time certain encryption method

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.