How to prevent someone misusing routing systems?


I'm using a routing system. You can use the URL to do some quick updates etc., without having to create a page for it. I believe this to be very effective. Though, how can I prevent a user from misusing it?

This line updates a user's account:

http://localhost:8080/Basic/Route/User/update/permissions>1/29

Class: User
Method: update
Set permissions => 1
Where id is 29

It works very nicely, but any user could type this into his URL if he knew how the system works.

Are there any ways to prevent misuses like this one?

Thanks!

2 answers

Best answer:

You should implement user authentication, then check if the user is logged in and if he has the required permissions. I don't see any simpler way to do it.

Answer:

Add a CSRF token and it might be fine. I would also make it a POST request instead of GET if it isn't already.

If you don't secure your URLs/forms this way, users might be tricked into performing actions they didn't intend to (e.g. by visiting a link from another website or an email).
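The two answers fit together in one small sketch, added here as an example and not code from either answer or from the asker's framework. A minimal Python router resolves the path layout shown in the question (`/Basic/Route/<Class>/<method>/<args...>`), refuses anonymous callers, requires POST carrying a per-session CSRF token compared in constant time, and checks a permission level before applying the update. The in-memory `USERS` table, the `Session` and `Request` classes, the `Basic/Route` prefix handling and the 403/405 result codes are assumptions for illustration, not anything the question specifies.

```python
"""Mini router that gates a 'User/update' route behind login, HTTP method,
CSRF token and permission checks. All data below is constructed for the demo."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed user table: permissions 0 = normal user, 1 = administrator.
USERS = {29: {"permissions": 0}, 1: {"permissions": 1}}


@dataclass
class Session:
    """Server-side session; an anonymous visitor has user_id None.
    A fresh random CSRF token is minted per session (assumed design)."""
    user_id: Optional[int] = None
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    session: Session
    form: dict = field(default_factory=dict)   # POST body fields


class Forbidden(Exception):
    pass


class MethodNotAllowed(Exception):
    pass


def parse_route(path):
    """'/Basic/Route/User/update/permissions>1/29' -> ('User', 'update', ['permissions>1', '29']).
    The 'Basic/Route' prefix is assumed to be a fixed mount point."""
    parts = [p for p in path.split("/") if p]
    if parts[:2] != ["Basic", "Route"] or len(parts) < 4:
        raise ValueError("not a routable path")
    return parts[2], parts[3], parts[4:]


def require_login(req):
    if req.session.user_id is None:
        raise Forbidden("login required")
    return req.session.user_id


def require_post_with_csrf(req):
    """State-changing routes only via POST, and only with the session's own token.
    compare_digest avoids leaking the token through timing differences."""
    if req.method != "POST":
        raise MethodNotAllowed("state-changing route must be POST")
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        raise Forbidden("bad CSRF token")


def require_permission(user_id, level):
    if USERS[user_id]["permissions"] < level:
        raise Forbidden("insufficient permissions")


def user_update(req, args):
    """Handler for Class 'User', Method 'update'; args like ['permissions>1', '29']."""
    actor = require_login(req)
    require_post_with_csrf(req)
    require_permission(actor, 1)          # only administrators may change permissions
    field_expr, target_id = args          # wrong arity raises ValueError -> 400
    name, value = field_expr.split(">", 1)
    if name != "permissions":
        raise ValueError("field not updatable via this route")
    target = int(target_id)
    if target not in USERS:
        raise ValueError("unknown user")
    USERS[target][name] = int(value)
    return USERS[target]


ROUTES = {("User", "update"): user_update}


def dispatch(req):
    """Resolve and run the route; returns (status, body) like a tiny web framework."""
    try:
        cls, method, args = parse_route(req.path)
        handler = ROUTES.get((cls, method))
        if handler is None:
            return 404, "no such route"
        return 200, handler(req, args)
    except Forbidden as e:
        return 403, str(e)
    except MethodNotAllowed as e:
        return 405, str(e)
    except ValueError as e:
        return 400, str(e)


if __name__ == "__main__":
    path = "/Basic/Route/User/update/permissions>1/29"
    admin = Session(user_id=1)
    print(dispatch(Request("GET", path, Session())))                 # 403: not logged in
    print(dispatch(Request("GET", path, admin)))                     # 405: GET rejected
    print(dispatch(Request("POST", path, admin, {"csrf_token": admin.csrf_token})))  # 200
```

The order of the checks in `user_update` matters only for which error is reported first; every one of them must pass before the update runs, so a user who merely knows the URL pattern still needs a logged-in session, a POST body with that session's token, and the administrator level.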