I have an AngularJS application. I have an edit form where the URL in the routing is app/edit/:id. When I go to app/edit/5, I can edit the object where id = 5. But when I manually change the URL to app/edit/6, the app loads the object where id = 6. That is my problem, because my user can't edit this object. How can I detect this situation? How can I block it? Are there any options? The solution can be from another JS framework.
1 Answer
The technique you are looking for is tamper-proofing your query string.
The idea is that you generate your query string on a server, calculate its hash value, add that hash to the query string and then check the hash on the server when the user clicks on or somehow uses that link. However, it may still be prone to attacks.
Anyway, tamper-proofing query strings is not a common practice across the web, and should not be used as a replacement for authorization and authentication, so you should ask yourself, do you really need that?
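The scheme described in the answer, as an added example that is not part of the original answer: a Node.js sketch that signs the edit link with a keyed HMAC instead of a bare hash (a plain hash can be recomputed by whoever edits the URL) and still runs a server-side ownership check behind it. The secret, the `OWNERS` table and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a server-only secret; in a real service, load it from a secret store.
const SECRET = crypto.randomBytes(32);

// Constructed sample data: which user owns which object.
const OWNERS = new Map([[5, "alice"], [6, "bob"]]);

// MAC over user id + path, so a link issued to one user is useless to another.
function mac(userId, path) {
  return crypto.createHmac("sha256", SECRET).update(`${userId}\n${path}`).digest("hex");
}

// Server side: build the link that is handed to the client.
function signEditLink(userId, objectId) {
  const path = `/app/edit/${objectId}`;
  return `${path}?sig=${mac(userId, path)}`;
}

// Server side: recompute the MAC and compare in constant time.
function verifyEditLink(userId, url) {
  const [path, query = ""] = url.split("?");
  const given = Buffer.from(new URLSearchParams(query).get("sig") || "", "hex");
  const expected = Buffer.from(mac(userId, path), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// The authorization check that must run whether or not links are signed.
function canEdit(userId, objectId) {
  return OWNERS.get(objectId) === userId;
}

// Returns an HTTP-style status for an edit request made by userId.
function handleEdit(userId, url) {
  if (!verifyEditLink(userId, url)) return 400; // missing or tampered signature
  const objectId = Number(url.split("?")[0].split("/").pop());
  if (!canEdit(userId, objectId)) return 403;   // valid link, but not the owner
  return 200;
}
```

The last check is the one that answers the question: even a correctly signed link for object 6 is refused with 403 when the requesting user does not own it.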