Encoding - Decoding Variables 

To avoid storing a variable in a Session object, I'd like to encode a user's
ID so it can be attached to the URL and carried with them.  Thing is I want
to bury it in a number or characters; such as -

../../detail.asp?ID=1982831    The User's ID is actually 923

How do you write a VB Script snippet to pull those numbers out when the
script calls for the user's ID?

In case you are wondering why I don't just use the ID by itself -
Depending on the script they are going into, if the user changes the number
they may be able to view someone else's information.  I'd rather them cause
an error and get sent back to GO (without collecting $200 : )

Thanks for your help!

Matt W.



Sat, 02 Feb 2002 03:00:00 GMT  
Hi Matt,
You could use the mid function to extract each character:
    zz = request.querystring("ID")
    id = mid(zz,2,1) & mid(zz,4,2)    'gets 1 char starting with the 2nd and 2 chars starting with the 4th
In your example then id = "928"
HTH,
Dan


Quote:
> To avoid storing a variable in a Session object, I'd like to encode a user's
> ID so it can be attached to the URL and carried with them.  Thing is I want
> to bury it in a number or characters; such as -

> ../../detail.asp?ID=1982831    The User's ID is actually 923

> How do you write a VB Script snippet to pull those numbers out when the
> script calls for the user's ID?

> In case you are wondering why I don't just use the ID by itself -
> Depending on the script they are going into, if the user changes the number
> they may be able to view someone else's information.  I'd rather them cause
> an error and get sent back to GO (without collecting $200 : )

> Thanks for your help!

> Matt W.



Sat, 02 Feb 2002 03:00:00 GMT  
That's a good point.  I kind of thought maybe going through all that would
be more of a hassle than it would be worth.  I'm not real sure how to get
around that type of situation except by using random Replication IDs - but
depending on the size of the database, that could waste a lot of storage.

Any other thoughts of how to get around it?

Thanks for the Heads Up!

Matt W.

Quote:


>>In case you are wondering why I don't just use the ID by itself -
>>Depending on the script they are going into, if the user changes the number
>>they may be able to view someone else's information.  I'd rather them cause
>>an error and get sent back to GO (without collecting $200 : )

>Until they just create a program that blindly tries all the IDs, from 0
>through whatever.  Mostly, they'll get errors, but under your scheme, they
>should get some valid results back.

>This is a BAD thing.



Sat, 02 Feb 2002 03:00:00 GMT  
Hi Matt,
Why not store the user's ID in a session variable?
Thanks,
Dan


Quote:
> That's a good point.  I kind of thought maybe going through all that would
> be more of a hassle than it would be worth.  I'm not real sure how to get
> around that type of situation except by using random Replication IDs - but
> depending on the size of the database, that could waste a lot of storage.

> Any other thoughts of how to get around it?

> Thanks for the Heads Up!

> Matt W.




Quote:

> >>In case you are wondering why I don't just use the ID by itself -
> >>Depending on the script they are going into, if the user changes the number
> >>they may be able to view someone else's information.  I'd rather them cause
> >>an error and get sent back to GO (without collecting $200 : )

> >Until they just create a program that blindly tries all the IDs, from 0
> >through whatever.  Mostly, they'll get errors, but under your scheme, they
> >should get some valid results back.

> >This is a BAD thing.



Sat, 02 Feb 2002 03:00:00 GMT  
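
Dan's suggestion above (keep the user's ID in a session variable rather than in the URL), as an added example that is not part of the original thread. It takes the identity from the Session and also checks record ownership in the query, which goes one step beyond what the posts describe. The file names, Session("UserID"), Application("ConnStr") and the Details table are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' detail.asp, added example (not from the thread). The user's identity is read
' from the server-side Session, so editing the URL cannot change whose data loads.
' Assumptions, all hypothetical: login.asp stores the authenticated user's
' numeric ID in Session("UserID"); Application("ConnStr") holds an ADO
' connection string; table Details has columns DetailID, OwnerID, Body.

Const adInteger = 3, adParamInput = 1, adCmdText = 1   ' standard ADO constants

Dim userId, detailId, re, conn, cmd, rs

' 1. No authenticated session: send the visitor back to the login page.
If IsEmpty(Session("UserID")) Then Response.Redirect "login.asp"
userId = CLng(Session("UserID"))

' 2. The URL value only selects a record. Accept plain digits, nothing else
'    (IsNumeric alone would also pass "1e3", "-5" or "&H10").
detailId = Request.QueryString("ID") & ""
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(detailId) Then Response.Redirect "default.asp"

' 3. Parameterized query that matches the record only if this user owns it.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Body FROM Details WHERE DetailID = ? AND OwnerID = ?"
cmd.Parameters.Append cmd.CreateParameter("DetailID", adInteger, adParamInput, , CLng(detailId))
cmd.Parameters.Append cmd.CreateParameter("OwnerID", adInteger, adParamInput, , userId)
Set rs = cmd.Execute

' 4. "Not found" and "someone else's record" get the same answer, so walking
'    through ID values reveals nothing about other users' records.
If rs.EOF Then
    rs.Close
    conn.Close
    Response.Redirect "default.asp"
End If

Response.Write Server.HTMLEncode(rs("Body") & "")
rs.Close
conn.Close
%>
```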
 