Re: The [shownext] limitations
This WebDNA talk-list message is from 2002
Brian Burton wrote:
> (i.e. if you leave the search command open, you probably leave append
> and replace open as well. )

There is a point where security conscious design becomes needless paranoia. Our databases are R/O, in that I permit search but not append/replace as commands, since our data comes from an external source, rather than being updated online. All of the hard lifting is done in contexts in any case. I assure you that that was a small fraction of our fields (and with multiple tables as well). I'm in no way concerned about information leakage caused by still using commands.

For my money, making the search pages very easy to program and manage, not to mention easy for the user to navigate, is worth the slight loss in security through using FORM POST instead of contexts. YMMV

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
John Peacock