CUTCODEDOWN
Minimalist Semantic Markup

Author Topic: Security and Pagination...  (Read 530 times)

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 792
  • Karma: +8/-0
    • Grumpy Young Man
Security and Pagination...
« on: 24 Feb 2021, 04:12:52 am »
I remember Jason saying admin functions should be sent via _POST and not rely on _GET but does that also go for Pagination? We don't need to worry about the search engines as this is for admin pagination only...
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

John_Betong

  • Full Member
  • ***
  • Posts: 218
  • Karma: +24/-1
    • The Fastest Joke Site On The Web
Re: Security and Pagination...
« Reply #1 on: 24 Feb 2021, 10:52:16 pm »
I think the critical difference is that the GET parameters can be manipulated and could be a security risk.

Pagination usually accepts integers, and GET parameters require converting from their string defaults, so using POST is not essential.

Just my two Satang :)
Retired in the City of Angels where the weather suits my clothes

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 792
  • Karma: +8/-0
    • Grumpy Young Man
Re: Security and Pagination...
« Reply #2 on: 25 Feb 2021, 01:43:06 am »
Quote from: John_Betong on 24 Feb 2021, 10:52:16 pm
I think the critical difference is that the get parameters can be manipulated and could be a security risk.

Pagination usually accepts integers and get parameters require converting from their string defaults so using post is not essential.

Just my two Satang :)
Thanks!! :)
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1057
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Security and Pagination...
« Reply #3 on: 25 Feb 2021, 06:06:02 am »
Agreed. This isn't "security" data, nor does it seem to be anything that performs an actual command (add, delete); it's just browsing. So long as you sanitize the number, I wouldn't worry about it.

Just don't be passing things like "delete this record #" via GET or the URI. More mundane actions that don't perform actual changes? Then it's fine.
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.
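The two points made in this thread (a pagination number arriving via GET only needs to be validated as a bounded integer, while anything that changes a record belongs on POST) in working PHP, as an added example that is not code from the original posts. The function names, the `$pdo` connection, the table name `records` and the row count are assumptions for illustration.

```php
<?php
// Added example (not from the thread): validating a page number that arrives
// as a string in $_GET, and refusing state-changing admin actions on GET.
// Assumed names: page_from_query(), page_offset(), handle_delete(), $pdo.
declare(strict_types=1);

/**
 * Turn the raw query value into a safe, bounded page number.
 * Anything that is not a plain integer ("", "1abc", "1.5", "-3") falls
 * back to page 1; values beyond the last page are clamped to the last page.
 */
function page_from_query(?string $raw, int $totalRows, int $perPage): int
{
    $lastPage = max(1, (int) ceil($totalRows / $perPage));
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);
    if ($page === false) {
        // Out of range or not an integer: either way, show the first page
        // rather than echoing the caller's value into the query.
        return 1;
    }
    return $page;
}

/** Offset for the SQL LIMIT/OFFSET clause; always >= 0 after validation. */
function page_offset(int $page, int $perPage): int
{
    return ($page - 1) * $perPage;
}

/**
 * A record-changing admin action: only accepted on POST, with the id
 * validated as a positive integer. A GET request (a crafted link, a
 * bookmark, a crawler following "delete" links) gets 405 and does nothing.
 */
function handle_delete(string $method, array $post): string
{
    if ($method !== 'POST') {
        http_response_code(405);
        return 'Method Not Allowed';
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return 'Bad Request';
    }
    // Real code would run the DELETE through a prepared statement here and
    // then redirect (POST/redirect/GET) so a refresh cannot repeat it.
    return "deleted record {$id}";
}

// --- Browsing on GET: just a bounded integer, so this is fine. ---
$perPage   = 25;
$totalRows = 137; // constructed sample count; normally SELECT COUNT(*)
$page      = page_from_query($_GET['page'] ?? null, $totalRows, $perPage);

// Even after validation, bind the values instead of interpolating them.
// $pdo is assumed to be an existing PDO connection.
if (isset($pdo)) {
    $stmt = $pdo->prepare(
        'SELECT id, name FROM records ORDER BY id LIMIT :limit OFFSET :offset'
    );
    $stmt->bindValue(':limit', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', page_offset($page, $perPage), PDO::PARAM_INT);
    $stmt->execute();
}

// --- Changing data: only via POST. ---
echo handle_delete($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST), PHP_EOL;
```

Moving the action to POST stops links and crawlers from triggering it, but it does not by itself stop a form on another site from submitting to the admin URL with the logged-in cookie; the real `handle_delete` should also compare a per-session token from the form against `$_SESSION` with `hash_equals()` before touching the database.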
