2

I am developing a wall similar to Facebook's, and I'm a bit curious: is it safe to use a hidden input storing the stream id?

So in my db for comments I have 4 fields: the comment id, stream id, user id, and comment text. The stream id is used to locate which wall post has the comment, and I would store this in a hidden input for the form.

Is it safe? Or should I think of another idea?

Thank you

Side

2 Answers

3

Well, you have to identify somehow what wall the user posts at, so you have to pass that parameter either in GET parameters or some other way (using POST in your case). I don't think anything is wrong with this. If someone can do damage knowing that data, then you have a security problem in your app.

The level of security when passing that data through a hidden input or through a GET parameter is the same.

Krešimir Lukin
0

The safest way I can think of solving this problem is by using a session store if possible, unless I'm misunderstanding something.

Lucas Green
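Both answers come down to what the server does with the submitted values. The sketch below is an added example, not code from either answer: it treats the hidden `stream_id` as untrusted input and takes the user id from the session. Python with SQLite, the `streams` and `friends` tables, the "wall owner or friend may comment" rule and the function names are all assumptions; only the four `comments` columns come from the question.

```python
import sqlite3

def make_db():
    """Constructed sample data; only the comments columns come from the question."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE streams  (id INTEGER PRIMARY KEY, wall_owner_id INTEGER NOT NULL);
        CREATE TABLE friends  (user_id INTEGER, friend_id INTEGER);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, stream_id INTEGER NOT NULL,
                               user_id INTEGER NOT NULL, comment_text TEXT NOT NULL);
        INSERT INTO streams VALUES (10, 1), (20, 3);  -- post 10: user 1's wall, post 20: user 3's
        INSERT INTO friends VALUES (1, 2);            -- user 2 is a friend of user 1 only
    """)
    return db

def add_comment(db, session, form):
    """Insert a comment and return its id; raise PermissionError or ValueError otherwise."""
    user_id = session.get("user_id")   # identity comes from the session, never from the form
    if user_id is None:
        raise PermissionError("not logged in")
    try:
        stream_id = int(form.get("stream_id", ""))   # hidden input: the client can change it
    except (TypeError, ValueError):
        raise ValueError("bad stream id") from None
    text = (form.get("comment_text") or "").strip()
    if not text or len(text) > 2000:                 # assumed length limit
        raise ValueError("bad comment text")
    # One query answers both questions: does the post exist, and may this user comment on it?
    allowed = db.execute(
        """SELECT 1 FROM streams s
           WHERE s.id = ?
             AND (s.wall_owner_id = ?
                  OR EXISTS (SELECT 1 FROM friends f
                             WHERE f.user_id = s.wall_owner_id AND f.friend_id = ?))""",
        (stream_id, user_id, user_id)).fetchone()
    if allowed is None:
        raise PermissionError("no such post or not allowed")
    cur = db.execute(
        "INSERT INTO comments (stream_id, user_id, comment_text) VALUES (?, ?, ?)",
        (stream_id, user_id, text))                  # parameterized, no string building
    db.commit()
    return cur.lastrowid
```

With this check in place, changing the hidden field only lets a user reach posts they were already allowed to comment on.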