Security approach in web application
Posted by meep on Stack Overflow
Published on 2010-05-18T09:48:15Z
Hello everyone.
I am designing a web application in ASP.NET / C# where each registered user has the ability to add/modify/delete rows based on their user-id.
Take this example:
I am going to edit my route on the page /route.aspx?routeid=854, which belongs to me (user-id: 1).
But because I am a curious guy I try to access /route.aspx?routeid=855, which belongs to another user (user-id: 2).
How can I best prevent people from accessing other people's data? Should I send each user id (from session) with each database call, should I validate user/password on every page load, or what is the best and most secure approach?
I hope I made this clear enough.
© Stack Overflow or respective owner
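An added example, not part of the original question or of any answer to it: a C# console sketch of the first option the question raises, passing the user id from the session into every data lookup. The `Route` record, `RouteStore`, `RoutePage.Load`, the status codes and the in-memory rows are assumptions standing in for the real table and the route.aspx code-behind.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample rows standing in for a Routes table (RouteId, OwnerId, Name).
record Route(int RouteId, int OwnerId, string Name);

static class RouteStore
{
    static readonly List<Route> Rows = new()
    {
        new Route(854, 1, "Morning commute"),
        new Route(855, 2, "Weekend loop"),
    };

    // Same shape as: SELECT ... FROM Routes WHERE RouteId = @routeId AND OwnerId = @userId
    // The owner is part of the lookup itself, so a foreign row looks exactly like a missing row.
    public static Route? FindForUser(int routeId, int userId) =>
        Rows.SingleOrDefault(r => r.RouteId == routeId && r.OwnerId == userId);
}

static class RoutePage
{
    // rawRouteId is the untrusted query-string value; sessionUserId is the value stored
    // in the server-side session at login, never a request parameter.
    public static (int Status, string Body) Load(string? rawRouteId, int? sessionUserId)
    {
        if (sessionUserId is null) return (401, "login required");
        if (!int.TryParse(rawRouteId, out var routeId)) return (400, "bad routeid");
        var route = RouteStore.FindForUser(routeId, sessionUserId.Value);
        // One 404 for both "does not exist" and "belongs to someone else".
        return route is null ? (404, "not found") : (200, route.Name);
    }
}

static class Program
{
    static void Main()
    {
        Console.WriteLine(RoutePage.Load("854", 1));    // user 1 asks for their own route
        Console.WriteLine(RoutePage.Load("855", 1));    // user 1 asks for user 2's route
        Console.WriteLine(RoutePage.Load("855", 2));    // user 2 asks for their own route
        Console.WriteLine(RoutePage.Load("abc", 1));    // non-numeric routeid
        Console.WriteLine(RoutePage.Load("854", null)); // no session
    }
}
```

The same owner predicate belongs on the UPDATE and DELETE statements, so that a modify or delete against another user's routeid affects zero rows.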