i'm currently attempting to make my menu a bit more dynamic. the idea is that i want to be able to show certain items in the menu at certain times. for example links having to do with the forums when they're in the forums area. so on so forth. so far the solution i've come up with is passing info through headers. what i'm here to ask is whether or not that's a security risk. i guess i could just not put sensitive admin links into this script, but that's no fun. does anyone have a better idea?
What you want to do is fairly standard practice... but hold secure information in a session or in cookies rather than headers.
not sure what kinda secure info you want to pass with a menu....but sessions would probably be your best bet.
If it's real secure info, you may not want to store in cookie if the person accessing the computer is on an open network.
well what i planned to do was drop headers of my own indicating what items can and can not be shown in the menu. so like if the end-user was logged into the site, it won't show the login. or specific set of links corosponding to the page that they're on. really just treat it as a flag. security wise i was concerned about some links that would be shown for moderators, and myself. if someone happened to know the secret (and i'm sure eventually someone would) i just figured to write in a little more checks to make sure it's making the right decision. i'll definately look into sessions. i never was a fan of cookies.
