[Javascript] Maximun length of an id
Terry Riegel
riegel at clearimageonline.com
Tue Sep 11 12:17:07 CDT 2007
The reason for encrypting is because the id would "mean" something to
the server, and someone could determine what it means to the server
and change it to get the server to do something the page never wanted
it to do.
I think I can illustrate by showing an example without an encrypted id.
<div class="editable" id="recordid-01234">
This is the data from my database. It is record number 01234
</div>
If I take this example and then write some snazzy Javascript to post
new data to the server, then I have just exposed my database. All
someone would have to do is determine how my post is working and
change recordid-01234 to recordid-01231 or something like that.
Does that make sense?
Terry
On Sep 7, 2007, at 3:38 PM, Terry Riegel wrote:
> Hello all,
>
> I am working on a text editing mechanism for my web sites. I am
> looking at something like
>
> <div class="editable" id="someidsotheserverknowswhattoupdate">
> My editable text will be here
> </div>
>
> I plan on encrypting the ID so that it couldn't be meddled with and
> save to some other area of the site. I have several ideas for how
> this will work, and am open to any suggestions on that aspect
> (encryptng the id that is).
>
> My main question for this group is, is there any limit on the number
> of characters that can be found in an ID attribute?
>
>
> Thanks,
>
> Terry Riegel
> _______________________________________________
> Javascript mailing list
> Javascript at lists.evolt.org
> http://lists.evolt.org/mailman/listinfo/javascript
>
More information about the Javascript
mailing list