Hierarchy of form/text/math variables (renamed thread)

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31103
interpreted = N
texte = Oops, meant to rename that thread. Don't reply to the other one.>Please, Please, Please just fix the global tags and leave the hierarchy the >way it is.Naturally I'd like to figure out a way to keep the functionality you're asking for and also maintain some kind of security. It concerns me and lots of webmasters that any hacker can essentially change your internal text variables by simply putting a new field into the URL.It is a basic tenet of security that one doesn't depend only on ignorance to maintain security. It should be possible to write secure code even if the hacker knows all your source code. So, for instance, if you set some text variable like [text]IsValidAccount=F[/text] to indicate a bad account number, and a hacker puts &IsValidAccount=T into the URL, that's not a good thing if the form variable overrides the internal value.So let's try to think in a more general and abstract way about how we can achieve the same affect that you're getting now. Perhaps some kind of [PresetFormVariables] context, or something like that?Grant Hulbert, Director of Engineering ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development Main Line: (858) 675-1106 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: Hierarchy of form/text/math variables (renamed thread) (jpeacock@univpress.com 2000)
  2. Re: Hierarchy of form/text/math variables (renamed thread) (Brian B. Burton 2000)
  3. Re: Hierarchy of form/text/math variables (renamed thread) (Kenneth Grome 2000)
  4. Re: Hierarchy of form/text/math variables (renamed thread) (Howard Wolosky 2000)
  5. Re: Hierarchy of form/text/math variables (renamed thread) (Jesse Proudman 2000)
  6. Hierarchy of form/text/math variables (renamed thread) (Grant Hulbert 2000)
Oops, meant to rename that thread. Don't reply to the other one.>Please, Please, Please just fix the global tags and leave the hierarchy the >way it is.Naturally I'd like to figure out a way to keep the functionality you're asking for and also maintain some kind of security. It concerns me and lots of webmasters that any hacker can essentially change your internal text variables by simply putting a new field into the URL.It is a basic tenet of security that one doesn't depend only on ignorance to maintain security. It should be possible to write secure code even if the hacker knows all your source code. So, for instance, if you set some text variable like [text]IsValidAccount=F[/text] to indicate a bad account number, and a hacker puts &IsValidAccount=T into the URL, that's not a good thing if the form variable overrides the internal value.So let's try to think in a more general and abstract way about how we can achieve the same affect that you're getting now. Perhaps some kind of [PresetFormVariables] context, or something like that?Grant Hulbert, Director of Engineering ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development Main Line: (858) 675-1106 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Grant Hulbert

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

TRAINING videos - Prove IT. (1998) Type 2 errors with WebCatalog.acgi (1997) WebCat2b13MacPlugIn - syntax to convert date (1997) Searching in a range... (1998) Friday Morning Funnies (2003) Introduction/Tutorial/QuickStart (1997) HTML Mail & Line breaks... (2004) Reserved Words (2003) Displaying photo attached to first record (1997) Questions To Answer (1997) [Writefile] path (2005) Fun with Dates - finally resolved but.... (1997) multi-paragraph fields (1997) textarea data entry and display (2000) Security for malls with different webmasters (1998) Document Contains No Data! (1997) HomePage Caution (1997) Totals (1999) Stopping bad HTML propagation ? (1997) [OT] HTML EMAIL program wanted (1999)