Re: The [shownext] limitations

This WebDNA talk-list message is from 2002. It keeps the original formatting.
numero = 45801
interpreted = N
texte = Brian Burton wrote:

> (i.e. if you leave the search command open, you probably leave append
> and replace open as well. )
>

There is a point where security conscious design becomes needless paranoia. Our databases are R/O, in that I permit search but not append/replace as commands, since our data comes from an external source, rather than being updated online. All of the hard lifting is done in contexts in any case. I assure you that that was a small fraction of our fields (and with multiple tables as well). I'm in no way concerned about information leakage caused by still using commands.

For my money, making the search pages very easy to program and manage, not to mention easy for the user to navigate, is worth the slight loss in security through using FORM POST instead of contexts.

YMMV

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: The [shownext] limitations (John Peacock 2002)
  2. Re: The [shownext] limitations (Frank Nordberg 2002)
  3. Re: The [shownext] limitations (Dan Strong 2002)
  4. Re: The [shownext] limitations (Donovan 2002)
  5. Re: The [shownext] limitations (Dan Strong 2002)
  6. Re: The [shownext] limitations (Donovan 2002)
  7. Re: The [shownext] limitations (Brian Burton 2002)
  8. Re: The [shownext] limitations (Brian Fries 2002)
  9. Re: The [shownext] limitations (Claude Gelinas 2002)
  10. Re: The [shownext] limitations (Brian Fries 2002)
  11. Re: The [shownext] limitations (John Peacock 2002)
  12. Re: The [shownext] limitations (Claude Gelinas 2002)
  13. Re: The [shownext] limitations (Brian Burton 2002)
  14. Re: The [shownext] limitations (Glenn Busbin 2002)
  15. Re: The [shownext] limitations (Frank Nordberg 2002)
  16. The [shownext] limitations (Claude Gelinas 2002)
