One of the ways in which hackers attempt to gain access to restricted areas of a website is via URL manipulation. For example, a simple PHP script that shows the record with ID 7 from a database might use a URL ending in
showrecord.php?id=7. It would be easy for a hacker to change this to
To defend against this problem, you should take steps in several areas:
- Check the owner of every record before displaying it. This means storing a user ID (UID) with every record and comparing it to the ID of the currently logged-in user; if they do not match, the record is not shown.
- Use POST rather than GET to send the form data (i.e. `<form action="action.php" method="post">`). This prevents URL manipulation, as the data is sent in the HTTP headers and not in the URL.
- Use URL rewriting to mask the variables used.
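The following is an added example of the first defence above, the per-record ownership check, written for this page rather than taken from it. It assumes a `records` table with `id`, `owner_uid` and `body` columns and a session that stores the logged-in user's ID; both are illustrative choices, and the rows are constructed in an in-memory SQLite database so the script runs offline. A prepared statement binds both the requested ID and the current user's ID, so a tampered `?id=` value that points at another user's record simply matches no row.

```php
<?php
// Added example (not from the original page): check record ownership before
// displaying it, as the first bullet describes. The schema, the session key
// and the sample rows are assumptions made for this example.
declare(strict_types=1);

// Constructed in-memory database so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_uid INTEGER NOT NULL, body TEXT NOT NULL)');
$db->exec("INSERT INTO records VALUES (7, 42, 'record owned by user 42'), (8, 99, 'record owned by user 99')");

/**
 * Return the body of a record only if it belongs to the current user.
 * Both the id and the owner are part of the WHERE clause, so a request for
 * someone else's record returns no row and is indistinguishable from a
 * record that does not exist.
 */
function showRecord(PDO $db, int $currentUid, string $rawId): ?string
{
    // Validate the untrusted query parameter before it reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT body FROM records WHERE id = :id AND owner_uid = :uid');
    $stmt->execute([':id' => $id, ':uid' => $currentUid]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// In a real script the UID comes from the session set at login, e.g.
// $_SESSION['uid']; it is fixed here so the example runs from the command line.
$currentUid = 42;
$requestedId = $_GET['id'] ?? '7';   // showrecord.php?id=7

$body = showRecord($db, $currentUid, $requestedId);
if ($body === null) {
    // Same response for "not yours" and "does not exist": the id is not confirmed.
    http_response_code(404);
    echo "Record not found\n";
} else {
    echo $body, "\n";
}
```

Run with `php showrecord.php` and the record with ID 7 is printed; change the default `'7'` to `'8'` (or request `?id=8` under a web server) and the same code answers "Record not found", because user 42 does not own record 8. The point is that the check lives in the query itself, so it cannot be bypassed by editing the URL, regardless of whether the ID arrives via GET, POST or a rewritten URL.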