Re: The [shownext] limitations

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 45777
interpreted = N
John,

Thank you! In using your technique, I - the master hacker - now have access to the name of your database file(s) and the names of the fields. It is dirt simple for any script kiddy to write a robot at this point to read all of the data from your database and reconstruct it externally. I'd put an even money bet (gee, I seem to be in a betting mood today, can't wait for CES in January!) that with not too much work I can modify the same data without your permission and probably without your knowledge. (i.e. if you leave the search command open, you probably leave append and replace open as well.)

Brian B. Burton
Burton Logistics
973-263-3036
973-296-6862 (cell)

Consulting services to secure WebDNA driven websites now available. Contact me for more info

On Wednesday, November 27, 2002, at 02:12 PM, John Peacock wrote:

> Brian Burton wrote:
>> HTML limitation, Some browsers truncate URLs longer than 256
>> characters.
>
> So use forms and POST, instead of URL's. No 256 character limitation;
> this is, technically speaking, part of the original RFC's for HTTP
> transactions. The fact that some browsers don't enforce that limit is
> their problem, not yours.
>
>> Shownext is a terrible tag.
>
> Says you. I can quickly create all of the complicated logic to have
> both a Next and Previous button with very little coding in my
> template. For example this code:
>
> [ShowNext position=end&method=post&max=1]
>
> [searchstring]
> Height=16 Alt=Next [max] Border=0>
>
> [/ShowNext]
>
> becomes this HTML:
>
> value=ATITLE+ASUBTTL+ASUBSUBTTL+AAU+AED+RELATED_SERIES>
>
> Height=16 Alt=Next 8 Border=0>
>
> where all of those search terms were part of the original search
> submission. The important parameters that must be set in the original
> search:
>
> are what makes this work. The max parameter to the shownext tag is
> how many shownext items to display, not how many records to display in
> each set of found records.
>
> The real genius of this scheme is there is a matching [shownext] in my
> code for the previous_page, which is _automatically_ suppressed when
> there are no previous pages! I don't have to code anything at all.
> And when the user browses to the end of the found set of records, the
> next_page option is automatically suppressed.
>
> I think [shownext] is one of the most powerful, and least understood,
> tags in the WebDNA arsenal.
>
> My 2 cents
>
> John
>
> --
> John Peacock
> Director of Information Research and Technology
> Rowman & Littlefield Publishing Group
> 4720 Boston Way
> Lanham, MD 20706
> 301-459-3366 x.5010
> fax 301-429-5747

Associated Messages, from the most recent to the oldest:

    
  1. Re: The [shownext] limitations (John Peacock 2002)
  2. Re: The [shownext] limitations (Frank Nordberg 2002)
  3. Re: The [shownext] limitations (Dan Strong 2002)
  4. Re: The [shownext] limitations (Donovan 2002)
  5. Re: The [shownext] limitations (Dan Strong 2002)
  6. Re: The [shownext] limitations (Donovan 2002)
  7. Re: The [shownext] limitations (Brian Burton 2002)
  8. Re: The [shownext] limitations (Brian Fries 2002)
  9. Re: The [shownext] limitations (Claude Gelinas 2002)
  10. Re: The [shownext] limitations (Brian Fries 2002)
  11. Re: The [shownext] limitations (John Peacock 2002)
  12. Re: The [shownext] limitations (Claude Gelinas 2002)
  13. Re: The [shownext] limitations (Brian Burton 2002)
  14. Re: The [shownext] limitations (Glenn Busbin 2002)
  15. Re: The [shownext] limitations (Frank Nordberg 2002)
  16. The [shownext] limitations (Claude Gelinas 2002)
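Added example (not part of the original messages, and not WebDNA code): one way to address the exposure Brian Burton describes in his reply is to keep the search specification on the server and put only a signed, opaque paging token in the Next/Previous form. The Python below is a sketch under assumptions: the function names, the in-memory store and the database name `books.db` are hypothetical, and the field names are borrowed from the HTML quoted in the message.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key
_SEARCHES = {}                    # search id -> full search spec, never sent out

def start_search(db, fields, terms, page_size):
    """Record the search server-side and return an opaque random id."""
    sid = secrets.token_urlsafe(16)
    _SEARCHES[sid] = {"db": db, "fields": fields, "terms": terms, "size": page_size}
    return sid

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def next_page_token(sid, start):
    """Value of the single hidden field on the Next/Previous form."""
    payload = json.dumps({"sid": sid, "start": start}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def client_view(token):
    """Everything a browser (or a robot) can read out of the token."""
    return json.loads(base64.urlsafe_b64decode(token.rsplit(".", 1)[0]))

def resolve(token):
    """Return (search spec, start), or None for a forged or unknown token."""
    try:
        body, sig = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
        if not hmac.compare_digest(sig, _sign(payload)):
            return None  # payload was edited after the server signed it
        data = json.loads(payload)
        spec, start = _SEARCHES.get(data["sid"]), data["start"]
    except (ValueError, KeyError, TypeError):
        return None      # malformed token
    if spec is None or not isinstance(start, int) or start < 0:
        return None
    return spec, start

if __name__ == "__main__":
    # Constructed sample search; "books.db" is a placeholder name.
    sid = start_search("books.db", ["ATITLE", "AAU"], "history", 8)
    token = next_page_token(sid, 8)
    print("client sees:", client_view(token))
    print("server resolves:", resolve(token))
```

The database name, field list and search terms never reach the browser, and a token whose offset or id has been altered fails the signature check instead of driving a new query.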
