Looking for a good way to hide id when user selects a record to edit.


Problem description


I am of the mindset that you should never give a user any ID in a view. This brings up an issue when the user needs to update their personal records. The Razor view automatically gives you a string of /customer/edit/5. That means the user can go to the link and change the 5 to something else and view/edit their information. This is an unsecure method. I have looked at encryption but there are not very many good examples out there. I could use a different column that is unique to the record; however, there is not that option for every table that needs it. I would like it to be auto generated, maybe add another column and have it put a string that I could use to identify the record. I am not sure how to do this and not sure if it is the best way to go. If someone could tell me what the best way to achieve this is, that would be great, whether it be a separate column or some encryption method. I found a good example of encryption; it was an older post and was not complete. I will share the link below.
Thanks for your help.

What I have tried:

The link is to the example I was looking at. What I am missing from it is how to encrypt/decrypt with the code they provide. This part is the only part that was left out and for some reason this person is claiming that he cannot show encryption code.
Crypt

Recommended answer

One option to this is to utilize Authentication/Authorization to verify what permissions the end-user has.
The only calls/pages/views that may not require this is public-access read-only.
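
The authorization approach from the answer, applied to the /customer/edit/5 route from the question, as an added example that is not code from the original post or answer. It assumes ASP.NET Core MVC with EF Core; the `Customer` entity, its `OwnerUserId` column and `AppDbContext` are hypothetical names.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
// Hypothetical entity: OwnerUserId ties each record to the account that owns it.
public class Customer
{
    public int Id { get; set; }
    public string OwnerUserId { get; set; } = "";
    public string Name { get; set; } = "";
}
public class AppDbContext : DbContext
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
    public DbSet<Customer> Customers => Set<Customer>();
}
[Authorize] // anonymous requests never reach these actions
public class CustomerController : Controller
{
    private readonly AppDbContext _db;
    public CustomerController(AppDbContext db) => _db = db;

    // Returns the record only when it belongs to the signed-in user.
    private async Task<Customer?> FindOwnedAsync(int id)
    {
        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is null) return null;
        return await _db.Customers.SingleOrDefaultAsync(c => c.Id == id && c.OwnerUserId == userId);
    }

    [HttpGet] // GET /customer/edit/5
    public async Task<IActionResult> Edit(int id)
    {
        var customer = await FindOwnedAsync(id);
        return customer is null ? NotFound() : View(customer); // 404 whether missing or not yours
    }

    [HttpPost, ValidateAntiForgeryToken] // POST /customer/edit/5
    public async Task<IActionResult> Edit(int id, string? name)
    {
        var customer = await FindOwnedAsync(id); // re-check ownership on every write
        if (customer is null) return NotFound();
        if (string.IsNullOrWhiteSpace(name)) return View(customer);
        customer.Name = name; // copy only the editable field, never the owner
        await _db.SaveChangesAsync();
        return RedirectToAction(nameof(Edit), new { id });
    }
}
```

With the ownership filter in the query itself, changing the 5 in the URL to another user's id returns the same 404 as a record that does not exist, so the id no longer needs to be hidden or encrypted.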

