Re[2]: Hierarchy of form/text/math variables
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31200
interpreted = N
texte = At 12:09 PM 5/1/00, jpeacock@univpress.com wrote:>No, I strongly disagree. I could see a keep things insecure and weak switch>in the Preferences, but this would make the WebCat program itself highly>complicated and cause more bugs than anything else. I would rather >not upgrade>or (more likely) rewrite all of my code, rather than keep the lax >security model>any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the> page similar to this:> [formvariables]> [showif [name]^SecureUser,IsValidAccount,IsAdmin]> [authenticate Futile Hacker]> [/showif]> [/formvariables]> That is what major releases are all about; change happens,>especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___#############################################################This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Associated Messages, from the most recent to the oldest:
At 12:09 PM 5/1/00, jpeacock@univpress.com wrote:>No, I strongly disagree. I could see a keep things insecure and weak switch>in the Preferences, but this would make the WebCat program itself highly>complicated and cause more bugs than anything else. I would rather >not upgrade>or (more likely) rewrite all of my code, rather than keep the lax >security model>any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the> page similar to this:> [formvariables]> [showif [name]^SecureUser,IsValidAccount,IsAdmin]> [authenticate Futile Hacker]> [/showif]> [/formvariables]> That is what major releases are all about; change happens,>especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___#############################################################This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Joseph D'Andrea
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] WebDNA to Text Messge (2013)
Separate SSL Server (1997)
ftp to webstar (2001)
Problems passing [SKU] with $Replace in 2.0 (1997)
"top" Clarification ( for apache ) (2008)
WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997)
[sendmail] questions... (1997)
Customer - again (1998)
[AppendFile] problem (WebCat2b13 Mac .acgi) (1997)
Can WebDNA do this? (2000)
Interfacing WebMerchant to www.fedex.com (1997)
carts on MacOS X Server (2000)
Search (1997)
sendmail and accented characters (1998)
[delete] problem (1997)
New Command prefs ... (1997)
Where has WebDNA shown up in your life? (2003)
webmerch and serials - almost there (1997)
WebCat2.0 [format thousands .0f] no go (1997)
emailer (1997)