Re: [ReturnRaw] and hiding FORM data
This WebDNA talk-list message is from 2003
numero = 46908
Quite True Tim,
But still this is an answer to the example I'm trying to show... it's just an example.

-- 
Regards,
Marko
------------------------------------------------------------------
Marko Bernyk - Senior System Engineer
mailto:marko@conexus.com.au http://www.conexus.com.au
Technical Services, Conexus Pty Ltd, Sydney, Australia
Ph 02 9975 2799 Fax 02 9975 2799 :)
------------------------------------------------------------------

On Thursday, 16 January 2003 4:39 PM, Tim Robinson wrote:
>There is no way they can know where the DB is because it's coded into the
>next page in the [search] context.
>
>Can YOU get a search to work using
>Results.tpl$search?db=test.db&var1=1&var2=2&var3=3 when there's also a
>search context on the results.tpl page?
>
>Regards,
>Tim
>-- 
>Tim Robinson
>IDFK Web Developments
>tim@idfk.com.au
>114a/40 Yeo Street
>Neutral Bay 2089
>Australia
>Phone +612 9908 2134
>Fax +612 9908 4837
>
>> From: Marko Bernyk 
>> Reply-To: (WebCatalog Talk)
>> Date: 16 Jan 2003 16:22:19 +1100
>> To: (WebCatalog Talk)
>> Subject: Re: [ReturnRaw] and hiding FORM data
>> 
>> Clayton,
>> 
>> WebDNA code like [WebDNA] are parsed correctly for variables or for return
>> items in a [founditems]
>> 
>> It is not the [WebDNA] code I'm worried about, but the form or database field
>> names. The data returned from Parsing is only for 1 record.
>> By hiding the Form data in a [ReturnRaw] you get nothing shown in the original
>> page source or the result page or URL for the search.
>> 
>> Take a look at my example form here:
>> 
>> 
>> 
>> this is the same as a url link:
>> /Results.tpl$search?db=test.db&var1=1&var2=2&var3=3
>> 
>> 
>> sample [WebDNA]: [var1] = Hello [var2] = World [var3] = Private
>> 
>> If I was using [WebDNA] with the sample FORM code would look like:
>> 
>> 
>> would look like this in the HTML source
>> 
>> 
>> this is the same as a url link:
>> /Results.tpl$search?db=test.db&var1=Hello&var2=World&var3=Private
>> 
>> from here people can see that you are using a database 'test.db' and there are
>> fields you can do a search on called 'var1', 'var2', 'var3'
>> 
>> so anyone who knows WebDNA can generate a url to do this:
>> /Results.tpl$search?db=test.db&gevar3=0&var3sort=1&var3sdir=as
>> 
>> You can get this information from the Form Data in ANY html page!
>> Just go to a web page that has a form then from the menu select view source -
>> form data is shown
>> 
>> Now these are just examples of what can be done. I do not want criticism on the
>> example FORM
>> 
>> I just want to use [ReturnRaw] to pass FORM Data just like a normal form
>> would... but all the DATA is invisible as the [ReturnRaw] is a WebDNA parsed
>> result, not some sort of link like a FORM on a page you can view the source of.
>> 
>> -- 
>> Regards,
>> Marko
>> ------------------------------------------------------------------
>> Marko Bernyk - Senior System Engineer
>> mailto:marko@conexus.com.au http://www.conexus.com.au
>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>> ------------------------------------------------------------------
>> 
>> On Thursday, 16 January 2003 3:31 PM, Clayton Randall wrote:
>>> If the code is webcat code, and the webdna processor properly parses
>>> the file, there is no source shown to the browser, it is just a plain
>>> webpage.
>>> On Wednesday, January 15, 2003, at 11:28 PM, Marko Bernyk wrote:
>>> 
>>>> Thanks Tim...
>>>> 
>>>> But it still does not satisfy my request in part 2)
>>>> 
>>>>>> By using a [ReturnRaw] command you can hide all search commands in a
>>>>>> page that:
>>>>>> 1) never shows the commands in a URL,
>>>>>> 2) is never part of the referer page source
>>>>>> and best of all
>>>>>> 3) nobody can ever see the search code as the page that contains the
>>>>>> code is a [ReturnRaw] page and will always be processed as a web page and
>>>>>> never have any source.
>>>> 
>>>> The FORM data is still part of the referer page ie: the page you click
>>>> on to do the search.
>>>> 
>>>> By using [ReturnRaw] I would not have ANY data showing on any pages
>>>> source or URL!
>>>> This increases security of data hackers using your search code to get
>>>> Information out of databases they should not have access to.
>>>> eg: Normal users vs members, or Different levels of Admin rights to a
>>>> database.
>>>> This also would mean that certain databases do not have to be
>>>> duplicated if 90% of the data is the same.
>>>> 
>>>> -- 
>>>> Regards,
>>>> Marko
>>>> ------------------------------------------------------------------
>>>> Marko Bernyk - Senior System Engineer
>>>> mailto:marko@conexus.com.au http://www.conexus.com.au
>>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>>>> ------------------------------------------------------------------
>>>> 
>>>> On Thursday, 16 January 2003 12:31 PM, Tim Robinson wrote:
>>>>> Just have the [search] context and db value on the results.tpl
>>>>> page.
>>>>> 
>>>>> 
>>>>> 
>>>>> On page results.tpl:
>>>>> 
>>>>> [search db=test.db&etc]
>>>>> [founditems]
>>>>> stuff
>>>>> [/founditems]
>>>>> [/search]
>>>>> 
>>>>> The form post will not have any other values in the URL.
>>>>> 
>>>>> Regards,
>>>>> Tim
>>>>> -- 
>>>>> Tim Robinson
>>>>> IDFK Web Developments
>>>>> tim@idfk.com.au
>>>>> 114a/40 Yeo Street
>>>>> Neutral Bay 2089
>>>>> Australia
>>>>> Phone +612 9908 2134
>>>>> Fax +612 9908 4837
>>>>> 
>>>>>> From: Marko Bernyk 
>>>>>> Reply-To: (WebCatalog Talk)
>>>>>> Date: 16 Jan 2003 12:20:35 +1100
>>>>>> To: (WebCatalog Talk)
>>>>>> Subject: [ReturnRaw] and hiding FORM data
>>>>>> 
>>>>>> What I want to do is perform a [ReturnRaw] command that will perform
>>>>>> exactly as pressing a Submit button on a form. Including the new page url not
>>>>>> containing the search data!
>>>>>> 
>>>>>> eg: here is an example form
>>>>>> 
>>>>>> 
>>>>>> Now you can also use the full url to get the same search result as
>>>>>> the FORM:
>>>>>> http://192.168.1.1/Results.tpl$search?db=test.db&vat1=1&var2=2&var3=3
>>>>>> 
>>>>>> but the FORM has the added advantage of hiding the data in the
>>>>>> search request.
>>>>>> The FORM opens up a result page and it just displays
>>>>>> http://192.168.1.1/Results.tpl$search as the url.
>>>>>> 
>>>>>> So now you know the result I want, here is the reason:
>>>>>> But putting the Search query in a FORM you can hide the result page
>>>>>> search Data - but the data is still in the HTML code of the referrer page
>>>>>> as FORM syntax - anyone can read this as source.
>>>>>> 
>>>>>> By using a [ReturnRaw] command you can hide all search commands in a
>>>>>> page that:
>>>>>> 1) never shows the commands in a URL,
>>>>>> 2) is never part of the referer page source
>>>>>> and best of all
>>>>>> 3) nobody can ever see the search code as the page that contains the
>>>>>> code is a [ReturnRaw] page and will always be processed as a web page and
>>>>>> never have any source.
>>>>>> 
>>>>>> 
>>>>>> So my Test of [ReturnRaw] is this:
>>>>>> (Note Mac users need to save file as DOS style text, as DOS carriage
>>>>>> returns are needed for this work)
>>>>>> 
>>>>>> [returnraw]HTTP/1.0 302 Found
>>>>>> Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3
>>>>>> 
>>>>>> [/returnraw]
>>>>>> 
>>>>>> From what I can gather [ReturnRaw] is a redirect result (using Code
>>>>>> 302) forcing the browser to jump to the link in 'Location:' , It is not a
>>>>>> request for a url!
>>>>>> 
>>>>>> I determined this using Etherpeek and looking up w3.org file
>>>>>> http://www.ietf.org/rfc/rfc2616.txt - Page 135 Section 14.30
>>>>>> My EtherPeek packet result for the FORM being processed is:
>>>>>> Command: POST
>>>>>> URI: /Results.tpl$search
>>>>>> Version: HTTP/1.1
>>>>>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>>>>>> Referer: http://192.168.1.1/test.tpl
>>>>>> Accept-Language: en-au
>>>>>> Content-Type: application/x-www-form-urlencoded
>>>>>> Accept-Encoding: gzip, deflate
>>>>>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
>>>>>> Host: brains.conexus.com.au
>>>>>> Content-Length: 45
>>>>>> Connection: Keep-Alive
>>>>>> Cache-Control: no-cache
>>>>>> 
>>>>>> Line 1: db=test.db&var1=1&var2=2&var3=3&Submit=Submit
>>>>>> 
>>>>>> --END--
>>>>>> 
>>>>>> 
>>>>>> How would you code a [ReturnRaw] for the FORM above to get a result
>>>>>> page with NO search data in the URL?
>>>>>> What Other commands can be used in the [ReturnRaw]
>>>>>> 
>>>>>> 
>>>>>> -- 
>>>>>> Regards,
>>>>>> Marko
>>>>>> ------------------------------------------------------------------
>>>>>> Marko Bernyk - Senior System Engineer
>>>>>> mailto:marko@conexus.com.au http://www.conexus.com.au
>>>>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>>>>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>>>>>> ------------------------------------------------------------------

-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
Web Archive of this list is at: http://webdna.smithmicro.com/
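
The following Python sketch is an added example, not code from the thread or from WebDNA. It parses constructed copies of the form POST capture and the [returnraw] 302 test quoted above to show that the db name and field names reach the client either way, then applies a server-side allow-list in the spirit of Tim's suggestion of fixing the db in the [search] context on results.tpl. SEARCH_DB, ALLOWED_FIELDS, the role names and build_search are hypothetical.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed copies of the two messages quoted in the thread.
FORM_POST = (
    "POST /Results.tpl$search HTTP/1.1\r\n"
    "Referer: http://192.168.1.1/test.tpl\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 45\r\n"
    "\r\n"
    "db=test.db&var1=1&var2=2&var3=3&Submit=Submit"
)
REDIRECT_302 = (
    "HTTP/1.0 302 Found\r\n"
    "Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3\r\n"
    "\r\n"
)


def client_visible_params(raw):
    """Return the search parameters a browser user can read from a raw HTTP message."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "location" in headers:
        # Redirect: the browser follows this URL with GET, query string and all.
        query = urlsplit(headers["location"]).query
    else:
        # Form POST: the same pairs travel in the body, copied from the page's FORM.
        query = body
    return dict(parse_qsl(query, keep_blank_values=True))


# Hypothetical server-side policy: the database and the fields each role may
# search are decided on the server and never taken from the request.
SEARCH_DB = "test.db"
ALLOWED_FIELDS = {"guest": {"var1", "var2"}, "member": {"var1", "var2", "var3"}}


def build_search(submitted, role):
    """Keep only allow-listed fields; return (search or None, rejected names)."""
    allowed = ALLOWED_FIELDS.get(role, set())
    criteria = {k: v for k, v in submitted.items() if k in allowed}
    rejected = sorted(k for k in submitted if k not in allowed)
    # No usable criteria means no search, so a bare request cannot list everything.
    search = {"db": SEARCH_DB, "criteria": criteria} if criteria else None
    return search, rejected


if __name__ == "__main__":
    for label, raw in (("form POST", FORM_POST), ("302 redirect", REDIRECT_302)):
        print(label, "exposes", sorted(client_visible_params(raw)))
    # The URL pattern Marko describes: a client-chosen db plus sort operators.
    crafted = {"db": "test.db", "gevar3": "0", "var3sort": "1", "var3sdir": "as"}
    print("guest, crafted:", build_search(crafted, "guest"))
    print("member, form:", build_search(client_visible_params(FORM_POST), "member"))
```

Both transports hand the parameter names to the client; what limits access is that the server ignores a client-supplied db and any field outside the caller's allow-list.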