Guriddo » Topic: Security with URL used in jqgrid

Security with URL used in jqgrid

Guriddo
Security with URL used in jqgrid

This topic has 2 replies, 2 voices, and was last updated 15 years, 9 months ago by thlas77.

Creator

Topic
September 15, 2010 at 4:23 pm #77135

thlas77
Participant

Hi all,

I have a question about security in JQGRID.

When I display my grid, the URL generated can be copy/paste in Firebug. for example :

http://www.totosico.com/components/com_myfirstgrid/datasource.php?filter_grille_id=102&filter_grpuser_id=2&_search=false&nd=1284554414177&rows=10&page=1&sidx=clg_place&sord=asc

If I change filter_var1_id = 105 instead of 102, I can retrieve some data I'm not allowed to see (displayed in an XML format, not in the grid…)

So my questions are :

– How to prevent this ?

– Is it the right way to concat the variables in the URL ?

Thanks for your Help

Thierry
Creator

Topic

Viewing 2 replies - 1 through 2 (of 2 total)

Author

Replies
September 15, 2010 at 5:25 pm #96011

OlegK
Participant

You should use server side user authentication and verify on every request whether it is allowed for him to

September 15, 2010 at 8:37 pm #96014

thlas77
Participant

Thanks Olegk for your answer.

Just for your information, I want to use JQgrid with joomla.

In fact, I should verify that the user id is authorised to consult the data of the groupe with id 105. If not, an error message will be displayed.

I have a datasource.php where the query is coded to access to the database to retrieve the data for my grid.

Is it in this file that I have to code the request that userid and groupeid are compatible just before my query for the data?

To get the user id, I usually use in joomla
Author

Replies

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Stay connected with us in your favorite flavor!

Copyright 2014 TriRand LtdAll Rights ReservedRSS