Overriding text variables ...

This WebDNA talk-list message is from 2000.


> As near as I can tell, the primary use of overriding text variables with
> incoming form variables is so the programmer can neglect to idiot check
> the incoming variables.

Not for me. I never use it this way. I cannot speak for others, but from the very beginning I planned to use webcatalog's variable hierarchy to ensure that my page variables would be overridden when formvariables of the same names are passed into the page. I developed my coding technique by design, specifically to take advantage of the behavior of this hierarchy, so this was definitely no accident in my case ... :)

> This is, IMNSHO, bad programming and I view the
> continued use of such lazy shortcuts as mistakes.

I intend to continue using my high-performance coding techniques in version 4. Does this mean you consider my techniques bad programming or lazy shortcuts or mistakes?

I have been dealing with the issues of insecure text variables ever since text variables were introduced. If I decided to adopt this new variable hierarchy it would add nothing to the security of my sites, but it would definitely slow me down when I'm writing my webdna code -- because the efficient coding techniques available in the traditional hierarchy are impossible to duplicate in the new hierarchy.

If SM really wanted to make webcat more secure, they could have developed a mechanism that prevents any suffix listed as a database from being displayed in the browser as a template. This one simple change would effectively prevent *all* database files from being displayed in the browser -- unless they are first re-written with a valid template suffix.

This would have provided far more security to many users than the change they made to the variable hierarchy. I seem to get one or two private email messages a month asking me why webcat displays the entire contents of a database file in the browser! This makes it obvious to me that some people don't even know how to set the current preferences correctly, and that's a security issue if there ever was one.

> I suspect that everyone who stumbled across this behavior on
> their own did so while uncovering a mistake in their code.

I did not stumble on this, so I guess your suspicions are wrong ... :)

If you read the archives during the time text variables first came out, I think you will find that some of the most experienced webdna programmers available at that time were asking important questions about the variable hierarchy. And at that time, PCS clearly stated that text and math variables were going to be lower in the hierarchy than formvariables -- which means they would be overridden by incoming formvariables having the same names.

This kind of information starts some people's mental gears spinning, and that's one reason why I believe that many of us ended up developing the same (or very similar) coding techniques that take full advantage of the traditional hierarchy.

Of course, anyone who wasn't on the list at that time would not have been presented with this information in such a direct way, so maybe these late-comers would not have been thinking about it as much as those of us who were actually there when this was all happening.

And maybe these techniques would not have occurred to those with strong backgrounds in other programming environments which are dramatically different from the webdna coding environment.

But all these people might end up learning similar techniques simply by reading the examples posted in the archives and on this list. Therefore, I feel that very few people actually 'stumbled' upon anything.

Of course, this is only my opinion ... :)

================================
Kenneth Grome, WebDNA Consultant
808-737-6499
http://webdna.net
================================
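The message turns on two concrete mechanisms: which value wins when a page-defined text variable and an incoming form variable share a name, and whether a file whose suffix marks it as a database can be served back to the browser as a template. The following Python is an added illustration, not code from the list message or from WebDNA itself; it models both in miniature so the precedence question and the suffix check can be run and compared. The variable names, the page and form values, and the suffix sets are all constructed for the example, and the `resolve_allowlisted` variant is an assumption about how a page could declare which names request input may override.

```python
"""Toy model of page-variable vs. form-variable precedence, plus the
database-suffix serving check proposed in the list message.

Added example; not WebDNA code. All names and values are constructed.
"""

from typing import Mapping, Optional, Set

# Constructed page text variables: the page sets a default it relies on
# (is_admin) and a cosmetic value it is happy to let the request change.
PAGE_VARS = {"is_admin": "F", "greeting": "Hello"}

# Constructed allowlist: names the page explicitly permits request input
# to override (assumption for the hardened variant below).
OVERRIDABLE = {"greeting"}


def resolve(name: str, page_vars: Mapping[str, str],
            form_vars: Mapping[str, str],
            form_overrides_page: bool) -> Optional[str]:
    """Look up `name` under one of two precedence orders.

    form_overrides_page=True models the 'traditional' hierarchy the
    message describes: an incoming form variable replaces a page text
    variable of the same name. False models the reversed order, where
    the page's own value always wins.
    """
    if form_overrides_page:
        return form_vars.get(name, page_vars.get(name))
    return page_vars.get(name, form_vars.get(name))


def resolve_allowlisted(name: str, page_vars: Mapping[str, str],
                        form_vars: Mapping[str, str],
                        overridable: Set[str]) -> Optional[str]:
    """Hardened variant: request input may replace a page variable only
    for names the page has declared overridable; every other page
    variable keeps the value the page set, regardless of the request."""
    if name in overridable and name in form_vars:
        return form_vars[name]
    if name in page_vars:
        return page_vars[name]
    # A name the page never set is only readable from the request if the
    # page opted in to it; otherwise it is simply undefined.
    return form_vars.get(name) if name in overridable else None


def compare_hierarchies(form_vars: Mapping[str, str]) -> dict:
    """Resolve every page variable under all three orders so the
    difference is visible side by side for one request."""
    report = {}
    for name in PAGE_VARS:
        report[name] = {
            "form_first": resolve(name, PAGE_VARS, form_vars, True),
            "page_first": resolve(name, PAGE_VARS, form_vars, False),
            "allowlisted": resolve_allowlisted(name, PAGE_VARS,
                                               form_vars, OVERRIDABLE),
        }
    return report


# Constructed suffix sets standing in for a site's preferences: which
# suffixes name database files and which name templates the server may
# render. Matching is case-insensitive on purpose.
DATABASE_SUFFIXES = (".db", ".txt")
TEMPLATE_SUFFIXES = (".tpl", ".html")


def may_serve_as_template(path: str) -> bool:
    """The check the message proposes: refuse to render any file whose
    suffix is registered as a database suffix, even if it would otherwise
    qualify as a template; then require a recognised template suffix."""
    lowered = path.lower()
    # endswith() rather than splitext() so a bare '.db' file name is still
    # recognised as a database file.
    if lowered.endswith(DATABASE_SUFFIXES):
        return False
    return lowered.endswith(TEMPLATE_SUFFIXES)


if __name__ == "__main__":
    # Constructed request: it sets the cosmetic value and also tries to
    # set the page's trusted default.
    request = {"greeting": "Hi", "is_admin": "T"}
    for name, values in compare_hierarchies(request).items():
        print(name, values)
    for candidate in ("/site/index.tpl", "/site/orders.db", "/site/.DB"):
        print(candidate, may_serve_as_template(candidate))
```

Running the comparison shows the trade-off the thread is arguing about: with form-first precedence the request silently replaces `is_admin`, with page-first precedence the request cannot even personalise `greeting`, and the allowlisted variant keeps the page's trusted default while still letting the one declared name be overridden. The suffix check is independent of which hierarchy is in use, which is the message's point that it addresses a different exposure.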
