Re: how to post without certain data appearing in the html source

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 37000
interpreted = N
texte = Dale Therio wrote: > > > Are you concerned about users on your site being able to hack > > your > > templates and see the SMS site user information or are you > > concerned > > about the user information being visible to the SMS site. > > I am concerned that a user could see my username and password to > log into the SMS server. If they have that information they > could setup a page on their server/homepage and send SMS > messages on my dime.OK, then using TCPConnect to send the SMS messages via the other site becomes viable. None of the text in the template that calls the TCPConnect are visible in the final rendered HTML; the text that the remote site returns can also be filtered out of the HTML using [middle].> > > Describe how the program flow would happen so we can give you > > better advice. If a user logs into your site and sends the > > SMS via the other site, then TCPConnect would work fine > > (since it does not return anything to the browser (except > > what you want it to). > > There are a couple of ideas for using this technology. The > simplist idea is that user 1 can send a message to user 2 via a > form on my site. > > User one logs into the site, finds another user he wishes to > contact then in a similar fashion to how I have email replies > sent, clicks on a button which brings up a form to enter their > message. Then submits and the email (SMS in this case) is sent. > User 1 then gets a confirmation page which shows the content of > the message they just sent. > > The second possible use is for notifications of something going > happening on the site. User 1 has configured his preferences to > be notified of certain events that may occur on the site (such > as a specific user logging on), when the specified user logs on, > it will run in effect a trigger to see if someone has this user > in their notify list. Then the system would send an SMS message > to user 1 letting them know that user 2 is on the site (or for > example in the chat room). > > > The other option is have the user's > > template create the SMS message in a global folder and have a > > Trigger come along every minute and process all outgoing > > SMS messages (think about how e-mail works currently). > > Currently my email works like this: > > User clicks on send me an email link, gets a form (I pass the > profile ID of the intended recipient). User fills out the form, > clicks submit, on the results page I do a search, then within > the search I do the [sendmail] which is the only place the > recipent email address is exposed (and being within the sendmail > it is not in the html source), and present the result page. > > Are you suggesting that doing the same, but with a TCPConnect > would (should) result in similar results? Should I wrap the > [tcpconnect] with [spawn]?No reason to spawn it unless you are afraid of reponse time.> > I also will need to put some checking code in the page to > prevent multiple sendings of the same message which could happen > if they use the back button or in the case of Netscape, resize > the browser window or hit reload. I had many problems in the > past with people doing that when adding content to the database. > > The more I think about it, the better I like the idea of trying > to store this in a database then sending. That will prevent the > duplicate data problem and I will also me restricting how many > messages each user can send per month. > The more I think about it, the more I like of writing the SMS message to a file/database and having a server Trigger process it, rather than have the user template do it.John-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4720 Boston Way Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5747------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: how to post without certain data appearing in the html source (Aaron Lynch 2001)
  2. Re: how to post without certain data appearing in the html source (John Peacock 2001)
  3. Re: how to post without certain data appearing in the html source (Glenn Busbin 2001)
  4. Re: how to post without certain data appearing in the html source (John Peacock 2001)
  5. Re: how to post without certain data appearing in the html source (Christer Olsson 2001)
  6. Re: how to post without certain data appearing in the html source (Anup Setty 2001)
  7. Re: how to post without certain data appearing in the html source (Dale Therio 2001)
  8. Re: how to post without certain data appearing in the html source (Dale Therio 2001)
  9. how to post without certain data appearing in the html source (Dale Therio 2001)
Dale Therio wrote: > > > Are you concerned about users on your site being able to hack > > your > > templates and see the SMS site user information or are you > > concerned > > about the user information being visible to the SMS site. > > I am concerned that a user could see my username and password to > log into the SMS server. If they have that information they > could setup a page on their server/homepage and send SMS > messages on my dime.OK, then using TCPConnect to send the SMS messages via the other site becomes viable. None of the text in the template that calls the TCPConnect are visible in the final rendered HTML; the text that the remote site returns can also be filtered out of the HTML using [middle].> > > Describe how the program flow would happen so we can give you > > better advice. If a user logs into your site and sends the > > SMS via the other site, then TCPConnect would work fine > > (since it does not return anything to the browser (except > > what you want it to). > > There are a couple of ideas for using this technology. The > simplist idea is that user 1 can send a message to user 2 via a > form on my site. > > User one logs into the site, finds another user he wishes to > contact then in a similar fashion to how I have email replies > sent, clicks on a button which brings up a form to enter their > message. Then submits and the email (SMS in this case) is sent. > User 1 then gets a confirmation page which shows the content of > the message they just sent. > > The second possible use is for notifications of something going > happening on the site. User 1 has configured his preferences to > be notified of certain events that may occur on the site (such > as a specific user logging on), when the specified user logs on, > it will run in effect a trigger to see if someone has this user > in their notify list. Then the system would send an SMS message > to user 1 letting them know that user 2 is on the site (or for > example in the chat room). > > > The other option is have the user's > > template create the SMS message in a global folder and have a > > Trigger come along every minute and process all outgoing > > SMS messages (think about how e-mail works currently). > > Currently my email works like this: > > User clicks on send me an email link, gets a form (I pass the > profile ID of the intended recipient). User fills out the form, > clicks submit, on the results page I do a search, then within > the search I do the [sendmail] which is the only place the > recipent email address is exposed (and being within the sendmail > it is not in the html source), and present the result page. > > Are you suggesting that doing the same, but with a TCPConnect > would (should) result in similar results? Should I wrap the > [tcpconnect] with [spawn]?No reason to spawn it unless you are afraid of reponse time.> > I also will need to put some checking code in the page to > prevent multiple sendings of the same message which could happen > if they use the back button or in the case of Netscape, resize > the browser window or hit reload. I had many problems in the > past with people doing that when adding content to the database. > > The more I think about it, the better I like the idea of trying > to store this in a database then sending. That will prevent the > duplicate data problem and I will also me restricting how many > messages each user can send per month. > The more I think about it, the more I like of writing the SMS message to a file/database and having a server Trigger process it, rather than have the user template do it.John-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4720 Boston Way Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5747------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Just Testing (1997) cart info (1998) SOP for WebDNA talk - MSNBot Crashing (2004) Emailer setup (1997) Cookies [was How do I get Google to crawl a WebCat site?] (2003) Database cannot be opened (2005) [convertChars] and HTML Tags (1997) Busy WebCatalog (2000) NT Setup (1998) emailer (1997) 3+ Levels of Navigation (2006) Emailer (1997) Bug Report, maybe (1997) Separate SSL Server (1997) problems with 2 tags shakur (1997) WebCat2 - Getting to the browser's username/password data (1997) Recording size of uploaded file? (2001) MOOOOOO (2000) Need a little help with categories... (2003) Surprise x and y post args (1998)