Laravel
chelkaz, 2016-03-23 16:01:16

How to protect a request from changing parameters?

There is a page with a question, for example:
site/questions/5
This page contains the question with id 5, which is stored in the table: questions
And right there on the page there is a form for answering the question; the answers are stored in the table: answers
The AddAnswerController controller handles saving the answer.
But you need to somehow know which question the answer is for!
If the question number is sent via a POST request from a form with a hidden input, then by intercepting the request you can change it and send the answer to another question)
What methods are used for such situations?

4 answer(s)
Ilya Erokhin, 2016-03-23
@AirWorker

There is no problem at all - the client says what he is answering and what question. It's easy to check when signing up whether the client has the right to answer this particular question. This is what the entire web is built on.

metallix, 2016-03-23
@metallix

I really wanted to quote one of the author's answers in another question -

Hmm... They decided to make an application, but you can't do such elementary things))) Ahaha))) Therefore, there are millions of shit sites and similar offers on the net and the same stupid answers from masters in quotation marks)))

DarkMatter, 2016-03-23
@darkmatter

So you do not put the question id in the form input, but look at the question route when the POST request is triggered, turn the route into an id, and attach the answer to this id.
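A sketch of the two suggestions above combined (question id taken from the route, permission checked on the server), added here as an example and not code from any of the posters. Apart from `AddAnswerController`, the names are assumptions: the `Question` model with an `answers()` hasMany relation, the `answer` policy ability, the `body` field (fillable on the answer model) and the route name.

```php
<?php
// ---- routes/web.php (assumed file) ---------------------------------------
// The question id is part of the URL; the form posts to
// route('questions.answers.store', $question) and has no hidden question_id.
use App\Http\Controllers\AddAnswerController;
use Illuminate\Support\Facades\Route;

Route::post('questions/{question}/answers', [AddAnswerController::class, 'store'])
    ->middleware('auth')
    ->name('questions.answers.store');

// ---- app/Http/Controllers/AddAnswerController.php (separate file) ---------
namespace App\Http\Controllers;

use App\Models\Question;                 // hypothetical Eloquent model
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class AddAnswerController extends Controller
{
    public function store(Request $request, Question $question)
    {
        // Route-model binding has already resolved {question}; an id that
        // does not exist never reaches this method (404).

        // Server-side decision: may this user answer this question?
        // 'answer' is a hypothetical ability defined on a QuestionPolicy
        // (for example: question is not closed, not hidden from this user).
        Gate::authorize('answer', $question);

        // Only the answer text is accepted from the client.
        $data = $request->validate([
            'body' => ['required', 'string', 'max:5000'],
        ]);

        // question_id is set by the relation, user_id by the session.
        // Neither is read from the request body, so editing form fields
        // cannot re-point the answer or change its author.
        $answer = $question->answers()->make(['body' => $data['body']]);
        $answer->user_id = $request->user()->id;
        $answer->save();

        return back();
    }
}
```

A user can still change the id in the URL, which is equivalent to opening another question's page; the policy check is what decides whether that answer is accepted.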

Maxim Timofeev, 2016-03-23
@webinar

Why intercept when you can go to another page and reply? Or do you have hidden questions?
But in general, there is a csrf token to protect forms
