1 Reply Latest reply on Jun 12, 2009 11:17 AM by DwFAQ

    stopping users from changing the value of a URL variable

    lazlo Level 1

      Hello

       

      (using DW + ADDT)

       

      • I have a recordset that contains news items.
      • I have a page listing latest 3 news stories which passes the URL viariable newsID (eg www.domain.com?newsID=123)  to a detail page.
      • I have users of different levels of access.
      • How can I prevent users from simply changing the parameters of the URL variable (eg from newsID=123 to newsID=456) to potentially view a news item that I don't want them to?

       

      I thought about posting the variable via a form, but I ideally require the user to click on a title or paragraph <a> link rather than a submit button.

       

      anyone have the answer?

       

      many thanks,

       

      Lazlo

        • 1. Re: stopping users from changing the value of a URL variable
          DwFAQ Level 4

          Create a filtered recordset on details page with conditional region to allow access levels access to articles that are otherwise restricted for other users. So restrict access to page by access level then create a series of conditional region filtered recordsets where access level = whatever to show whatever articles for whatever access level.

           

          Make sense?