Re: where to put code
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 19326
interpreted = N
texte = >I personally prefer to use the context method on resulting pages. There I>can see the code at once, which makes it easier to understand. Anyway - I>do not like these long ugly URL's... And if one uses Replace or Delete>in a link, then this command has to be allowed for user input and therefore>some funny guy can destroy the database by simply playing with the URL.>There can be situation when commands in th URL make sense, but my personal>recommendation is to use contexts like [search...] on the target page>whenever you can.I agree. I do so myself. I have gone so far as disabling ALL URL commands except for ShowPage, and added a WebStar Realm with a .db match string for even more security.Of course that this has forced me to change a lot of code in the General Store, but I feel much safer this way...Now, if I could only disable certain commands, like [AppleScript], I would be happier still.Charles_______________________________________________________________Institut Balear de Comunicacions, S.L.Gremio Tejedores 22, 107009 Palma de Mallorca, Spain_____________________________________________Tel: +34 971.43.12.77Fax: +34 971.43.08.18 E-mail: ckefauver@ibacom.esURL: http://www.ibacom.es/_____________________________________________Public PGP signature (Clave publica PGP):http://www.ibacom.es/PGP/kefauver.txt_______________________________________________________________
Associated Messages, from the most recent to the oldest:
>I personally prefer to use the context method on resulting pages. There I>can see the code at once, which makes it easier to understand. Anyway - I>do not like these long ugly URL's... And if one uses Replace or Delete>in a link, then this command has to be allowed for user input and therefore>some funny guy can destroy the database by simply playing with the URL.>There can be situation when commands in th URL make sense, but my personal>recommendation is to use contexts like [search...] on the target page>whenever you can.I agree. I do so myself. I have gone so far as disabling ALL URL commands except for ShowPage, and added a WebStar Realm with a .db match string for even more security.Of course that this has forced me to change a lot of code in the General Store, but I feel much safer this way...Now, if I could only disable certain commands, like [AppleScript], I would be happier still.Charles_______________________________________________________________Institut Balear de Comunicacions, S.L.Gremio Tejedores 22, 107009 Palma de Mallorca, Spain_____________________________________________Tel: +34 971.43.12.77Fax: +34 971.43.08.18 E-mail: ckefauver@ibacom.esURL: http://www.ibacom.es/_____________________________________________Public PGP signature (Clave publica PGP):http://www.ibacom.es/PGP/kefauver.txt_______________________________________________________________
Charles Kefauver
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Success Stories (1997)
Understanding texta (1997)
Database Security (1998)
New reserved words for [tags] (2000)
[WebDNA] Session timeout solution (2010)
Incompatibility with WebCat 3 templates ... (2000)
WebCatalog [FoundItems] Problem - AGAIN - (1997)
Emailer setup (1997)
SSL and Webstar 3 with Webcatalog (1998)
[OT] WebDNA and MyODBC (2003)
[WebDNA] 64-bit Debian 6 with Lighttpd and WebDNA 7.1 (2012)
WebCat Contest (1998)
Re:2nd WebCatalog2 Feature Request (1996)
Extended [ConvertChars] (1997)
Adding Multiple Items to Shopping Cart from a Results page (1997)
404 error -- but wc code executes... (2001)
[WebDNA] Multiplication Math Test (2008)
about this server and links to who (1997)
Forms Search Questions (1997)
Requiring that certain fields be completed (1997)