problem with "inspect element"

1

Friends;

I'm developing an application and I have a manager where the database records are ready. The information is arranged in a table and I have a checkbox for selection of records that can be edited or deleted. This way:

<input name="selecionados[]" id="110" class="iCheck" type="checkbox">

The id is the primary key of the record. What happens to me is that if I modify the value of the id through the "inspect element" I can change or delete any record in the database. This could cause a major problem. To delete I'm using JQuery and $ .post. I could encrypt the value of the id and make it difficult for anyone who wanted to circumvent the system. But what I would like to know is if there is a way to get the original value in html and not the value edited by "inspect element"?

    
asked by anonymous 14.04.2016 / 00:58

1 answer

1

In fact it is not a problem, but it would be if the user manipulated the value of id="110" and changed some registry that he is not allowed to change.

Assuming the system only allows the user to edit proprietary posts, user X can only change the id="1" , id="2" , id="3" content itself. If the X user manipulates the input and attempts to edit the id="4" , it is up to the system to validate the action and block.

In the same hook as the example above, if the user X manipulates the input between the values of the id's that are themselves, it can not be interpreted as error . There are N ways to select an id, it can be via input select, radio, checkbox ... If it does not cause an undue access, inspect element is nothing more than an alternate interface.

>
  

It's up to you to consider inspecting an element and changing the id would cause undue access or just select a valid item from a list of accepted options.

Describe your case further if possible. We can help you better.

    
14.04.2016 / 04:15