View Single Post
  #1 (permalink)  
Old August 17th, 2009, 04:46 PM
Steve777 Steve777 is offline
Authorized User
Join Date: Jan 2005
Location: , , .
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default Unique identity string for data records


I am writing a classic ASP application, and need to display a web page to which is passed (in the query string) the identity field of a record in my database. Currently, these are auto-numbered identity fields (value of 1,2,3...). However, if I do this, anyone can take a guess at a value and attempt to hack into the details for a record they should not have access to. Am I right in thinking that the very long alphanumeric strings you sometimes see as values in a query string are a way to combat this problem? If so, what is the best way to generate such a string for the "identityString" field of a record, ensuring it is unique? Otherwise, please can you tell me how to address this issue so as to provide the appropriate security for my data.

Many thanks.
Reply With Quote