2 Jul 15:56
protecting rotating numbers in a URL
From: J Amuse <jamuse <at> gmail.com>
Subject: protecting rotating numbers in a URL
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-07-02 13:59:27 GMT
Subject: protecting rotating numbers in a URL
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-07-02 13:59:27 GMT
I have an app which uses rotating numbers to keep track of different clients, i.e. requesting /client?id=123, /client?id=124 etc. will allow any authenticated user to view any clients details. For various reasons we need to virtually patch this until in can be properly fixed in the next production cycle. I thought of fixing this via mod-security catching the 'id=###' in the server response and encrypting it on the way out and decrypting it before handing it off to the server on the way back in. Is mod-security the right tool to implement this? Can someone point me to some documentation that explains how to implement this?
Thanks
- Jay
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ mod-security-users mailing list mod-security-users <at> lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mod-security-users
RSS Feed