Re[2]: Hierarchy of form/text/math variables

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31200
interpreted = N
texte = At 12:09 PM 5/1/00, jpeacock@univpress.com wrote: >No, I strongly disagree. I could see a keep things insecure and weak switch >in the Preferences, but this would make the WebCat program itself highly >complicated and cause more bugs than anything else. I would rather >not upgrade >or (more likely) rewrite all of my code, rather than keep the lax >security model >any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the > page similar to this: > [formvariables] > [showif [name]^SecureUser,IsValidAccount,IsAdmin] > [authenticate Futile Hacker] > [/showif] > [/formvariables] > That is what major releases are all about; change happens, >especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re[2]: Hierarchy of form/text/math variables (Joseph D'Andrea 2000)
  2. Re[2]: Hierarchy of form/text/math variables (jpeacock@univpress.com 2000)
At 12:09 PM 5/1/00, jpeacock@univpress.com wrote: >No, I strongly disagree. I could see a keep things insecure and weak switch >in the Preferences, but this would make the WebCat program itself highly >complicated and cause more bugs than anything else. I would rather >not upgrade >or (more likely) rewrite all of my code, rather than keep the lax >security model >any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the > page similar to this: > [formvariables] > [showif [name]^SecureUser,IsValidAccount,IsAdmin] > [authenticate Futile Hacker] > [/showif] > [/formvariables] > That is what major releases are all about; change happens, >especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Joseph D'Andrea

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Catalogs and W* (1996) Malformed Pages (1999) No luck with taxes (1997) Affiliate Schemes (2004) pc (1997) Dreamweaver noedit ??? (2005) Some ThankYou page problems (1997) email (1998) Running 2 two WebCatalog.acgi's (1996) Problems getting parameters passed into email. (1997) NT version (1997) Re:ListFields and [name] (1997) Email notification to one of multiple vendors ? (1997) Single Link browsing (1997) japanese characters (1997) all records returned. (1997) math on date? (1997) [LOOKUP] (1997) Searchable WebCat (etc.) Docs ? (1997) [Semi OT] HMAC_SHA1 (2006)