Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › Update form path visible to all users

View all replies to this thread

Update form path visible to all users

Thread began 5/27/2010 3:50 am by biz295654 | Last modified 5/27/2010 2:30 pm by biz295654 | 1623 views | 2 replies

5/27/2010 3:50 ambiz295654WebAssist

Update form path visible to all users

This is probably a htacess issue, but not sure exactly how to manage it.

Membership site, used Security Assist to create login in and access to a member only folder. Within that folder are pages to be viewed once logged in. All good so far. But also within that folder is a DataAssist updater form so members can change their address, phone, etc. All good so far. BUT, when a user is logged in, and if web savvy, can read the path and their member ID in the browser URL bar, ie, membership_Update.php?mem_ID=13
so if they replace 13 with 22, they would be able to update another member's information.

Did I miss a step in Security Assist? Is there an additional step needed to secure this area?

Thanks for help...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.