Re[2]: Hierarchy of form/text/math variables
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31200
interpreted = N
texte = At 12:09 PM 5/1/00, jpeacock@univpress.com wrote:>No, I strongly disagree. I could see a keep things insecure and weak switch>in the Preferences, but this would make the WebCat program itself highly>complicated and cause more bugs than anything else. I would rather >not upgrade>or (more likely) rewrite all of my code, rather than keep the lax >security model>any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the> page similar to this:> [formvariables]> [showif [name]^SecureUser,IsValidAccount,IsAdmin]> [authenticate Futile Hacker]> [/showif]> [/formvariables]> That is what major releases are all about; change happens,>especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___#############################################################This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Associated Messages, from the most recent to the oldest:
At 12:09 PM 5/1/00, jpeacock@univpress.com wrote:>No, I strongly disagree. I could see a keep things insecure and weak switch>in the Preferences, but this would make the WebCat program itself highly>complicated and cause more bugs than anything else. I would rather >not upgrade>or (more likely) rewrite all of my code, rather than keep the lax >security model>any longer.Why can't/won't you use John Butler's very simple and easily implemented scheme to protect the variables that you don't won't to allow to be changed from a form submission?> When I depend on variables to be secure, I run a routine at the top of the> page similar to this:> [formvariables]> [showif [name]^SecureUser,IsValidAccount,IsAdmin]> [authenticate Futile Hacker]> [/showif]> [/formvariables]> That is what major releases are all about; change happens,>especially in this industry, deal with it or get into another line of work.Changes shouldn't break existing code that is based on published specs.___Joe___#############################################################This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Joseph D'Andrea
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Emailer error 550? Never mind. (1999)
How to verify email address (1997)
Initiating NewCart (1997)
[WebDNA] Where's that developer list? (2012)
CloseDataBase vs CommitDataBase (2007)
Setting up shop (1997)
Redirect and passing more than one variable... (2002)
[cart] (1998)
WebCat2b13MacPlugIn - More limits on [include] (1997)
SV: Mass Mail (2000)
If search results are blank... (2003)
RE: New WebCatalog Version !!! (1997)
Emailer help....! (1997)
RAM problems, [appendfile] problems (1998)
emailer error 103 part ii (1997)
Repeating Fields (1997)
[WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (2011)
WebCat2 - storing unformatted date data? (1997)
sql context issues (2001)
Include a big block of text (1997)