Replace record ID with other RNG based field for URL hacking

Question

Hi,The long and short of it is, i'd like to obfusticate the RID portion of a URL for an edit record with something a little more random.&nbsp;The purpose is to stop random searching of records via URL hacking where the user could change the &amp;rid= portion of the URL. However, in my app, i have enabled EOTI users to "Save" their progress on a form, which would email them a link to edit the record they were just editing.&nbsp;So essentially, i was wondering if i could make a different reference in the URL which is harder to guess than RID------------------------------GMacri------------------------------

giuseppemacri · Answer

Thats awesome, that's pretty much what iw as looking for. &nbsp; Giuseppe Macri Business Integration Coordinator | ConferMed 19 Grand St., Middletown, CT 06457 Phone: (860) 347-6971 x3762 &nbsp; Email&nbsp; : Macrig@chc1.com www.ConferMed.com   &nbsp;   This message originates from Community Health Center, Inc.. The information contained in this message may be privileged and confidential. If you are the intended recipient you must maintain this message in a secure and  confidential manner. If you are not the intended recipient, please notify the sender immediately and delete all copies of this message. Thank you. ------Original Message------Hi GMarci!You may have already answered your own question, but I had a client with a similar need when exposing their application to EOTI. Along with generating a random 'key' number for them to use to resume progress on their record I also obfuscated the RID by converting it to the r=format that uses numbers and letters through the use of the formula function QB32Encode.So where you may have a URL formula such as:
URLRoot() &amp; "db/" &amp; [_dbid_table] &amp; "?a=dr&amp;rid=" &amp; [Record ID#]with a result of&nbsp;https://&lt;name&gt;.quickbase.com/db/&lt;dbid&gt;?a=dr&amp;rid=1
The new URL fomula would be as follows:&nbsp;
URLRoot() &amp; "db/" &amp; [_dbid_table] &amp; "?a=dr&amp;r=" &amp; QB32Encode( [Record ID#])with a result of&nbsp;https://&lt;name&gt;.quickbase.com/db/&lt;dbid&gt;?a=dr&amp;r=b
This type of encoding is much harder to break as it is not incremental.Let me know if this was helpful 👍–Sharon------------------------------Sharon Faust (QuickBaseJunkie.com)Founder, Quick Base Junkiehttps://quickbasejunkie.com------------------------------

giuseppemacri · Answer

am idiot, forgot about &amp;key=[Field to generate random text]------------------------------GMacri------------------------------

quickbasejunkie · Answer

Hi GMarci!You may have already answered your own question, but I had a client with a similar need when exposing their application to EOTI. Along with generating a random 'key' number for them to use to resume progress on their record I also obfuscated the RID by converting it to the r=format that uses numbers and letters through the use of the formula function QB32Encode.So where you may have a URL formula such as:
URLRoot() &amp; "db/" &amp; [_dbid_table] &amp; "?a=dr&amp;rid=" &amp; [Record ID#]with a result of&nbsp;https://&lt;name&gt;.quickbase.com/db/&lt;dbid&gt;?a=dr&amp;rid=1
The new URL fomula would be as follows:&nbsp;
URLRoot() &amp; "db/" &amp; [_dbid_table] &amp; "?a=dr&amp;r=" &amp; QB32Encode( [Record ID#])with a result of&nbsp;https://&lt;name&gt;.quickbase.com/db/&lt;dbid&gt;?a=dr&amp;r=b
This type of encoding is much harder to break as it is not incremental.Let me know if this was helpful 👍–Sharon------------------------------Sharon Faust (QuickBaseJunkie.com)Founder, Quick Base Junkiehttps://quickbasejunkie.com------------------------------

Forum Discussion

Replace record ID with other RNG based field for URL hacking

3 Replies

Related Content

Find and Replace Field Values

Replacing Hard-Coded Parameters

Custom Record Titles

Using Grid Edit to Edit Multiple Records at Once

Cant See Associated Records