
Replace record ID with other RNG based field for URL hacking

  • 1.  Replace record ID with other RNG based field for URL hacking

    Posted 21 days ago
    Edited by G.Macri 21 days ago
    Hi,

    The long and short of it is, I'd like to obfuscate the RID portion of a URL for an edit record with something a little more random.

    The purpose is to stop random searching of records via URL hacking where the user could change the &rid= portion of the URL. However, in my app, I have enabled EOTI users to "Save" their progress on a form, which would email them a link to edit the record they were just editing.

    So essentially, I was wondering if I could make a different reference in the URL which is harder to guess than RID.



    ------------------------------
    GMacri
    ------------------------------


  • 2.  RE: Replace record ID with other RNG based field for URL hacking

    Posted 21 days ago
    am idiot, forgot about &key=[Field to generate random text]

    ------------------------------
    GMacri
    ------------------------------



  • 3.  RE: Replace record ID with other RNG based field for URL hacking

    Posted 19 days ago
    Hi GMacri!

    You may have already answered your own question, but I had a client with a similar need when exposing their application to EOTI. Along with generating a random 'key' number for them to use to resume progress on their record, I also obfuscated the RID by converting it to the r= format that uses numbers and letters through the use of the formula function QB32Encode.

    So where you may have a URL formula such as:

    URLRoot() & "db/" & [_dbid_table] & "?a=dr&rid=" & [Record ID#]
    with a result of https://<name>.quickbase.com/db/<dbid>?a=dr&rid=1

    The new URL formula would be as follows:

    URLRoot() & "db/" & [_dbid_table] & "?a=dr&r=" & QB32Encode( [Record ID#])
    with a result of https://<name>.quickbase.com/db/<dbid>?a=dr&r=b


    This type of encoding is much harder to break as it is not incremental.

    Let me know if this was helpful 👍
    –Sharon



    ------------------------------
    Sharon Faust (QuickBaseJunkie.com)
    Founder, Quick Base Junkie
    https://quickbasejunkie.com
    ------------------------------
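
Added example, not part of the original posts and not Quickbase code: it contrasts a positional base-32 encoding of a sequential record ID with a random per-record key of the kind the &key= approach relies on. The alphabet (chosen so that 1 encodes to "b", as in the thread's example), the function names and the in-memory ResumeLinks store are assumptions made for illustration.

```python
import hmac
import secrets

# Assumed alphabet: a generic 32-symbol set picked so that 1 encodes to "b",
# matching the thread's example. Not taken from Quickbase documentation.
ALPHABET = "abcdefghijkmnpqrstuvwxyz23456789"

def b32_encode(n: int) -> str:
    """Positional base-32 encoding of a non-negative integer (no secret involved)."""
    if n < 0:
        raise ValueError("record IDs are non-negative")
    digits = ""
    while True:
        n, rem = divmod(n, 32)
        digits = ALPHABET[rem] + digits
        if n == 0:
            return digits

def b32_decode(s: str) -> int:
    """Inverse of b32_encode; it needs only the alphabet, not a key."""
    n = 0
    for ch in s:
        n = n * 32 + ALPHABET.index(ch)
    return n

class ResumeLinks:
    """Hypothetical server-side store: one random key per saved record."""

    def __init__(self) -> None:
        self._keys: dict[int, str] = {}

    def issue(self, rid: int) -> str:
        # 128 bits from the OS CSPRNG; unrelated to rid, so neighbours reveal nothing.
        key = secrets.token_urlsafe(16)
        self._keys[rid] = key
        return key

    def check(self, rid: int, presented: str) -> bool:
        expected = self._keys.get(rid)
        if expected is None:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), presented.encode())
```

The encoded value is a different spelling of the same counter, so access still has to be gated by the per-record key (and by the record's permissions), not by the encoding.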



  • 4.  RE: Replace record ID with other RNG based field for URL hacking

    Posted 18 days ago

    That's awesome, that's pretty much what I was looking for.

     

    Giuseppe Macri

    Business Integration Coordinator | ConferMed

    19 Grand St., Middletown, CT 06457

    Phone: (860) 347-6971 x3762  

    Email  : Macrig@chc1.com

    www.ConferMed.com
