Support the ongoing development of Laravel.io →
Security Database Eloquent
Last updated 2 years ago.
0
Solution

Here's some of the work around I can think of.

  • Validation check before updating database. (Ownership, Permission, etc)
  • If you have to use hidden field, at least encrypt ID.
  • Avoid using ID with predictive symbols such as 1, 2, 3, ... n, a01, a02, a03, etc.
  • Use session to store the current editing record from server side instead of relying on client side.
  • Security token
Last updated 9 years ago.
0

I have ended up going for storing the ID in the session but will certainly have a look at the other options.

Thought about use MySQL UUID() function.

Thanks

0

Sign in to participate in this thread!

Eventy

Your banner here too?

minerbog minerbog Joined 15 Nov 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.