Re: [ReturnRaw] and hiding FORM data

This WebDNA talk-list message is from 2003. It keeps the original formatting.
Thanks Tim...

But it still does not satisfy my request in part 2)

>> By using a [ReturnRaw] command you can hide all search commands in a page
>> that:
>> 1) never shows the commands in a URL,
>> 2) is never part of the referer page source
>> and best of all
>> 3) nobody can ever see the search code as the page that contains the code is a
>> [ReturnRaw] page and will always be processed as a web page and never have any
>> source.

The FORM data is still part of the referer page ie: the page you click on to do the search.

By using [ReturnRaw] I would not have ANY data showing on any page's source or URL! This increases security of data hackers using your search code to get Information out of databases they should not have access to. eg: Normal users vs members, or Different levels of Admin rights to a database. This also would mean that certain databases do not have to be duplicated if 90% of the data is the same.

--
Regards,
Marko
------------------------------------------------------------------
Marko Bernyk - Senior System Engineer
mailto:marko@conexus.com.au  http://www.conexus.com.au
Technical Services, Conexus Pty Ltd, Sydney, Australia
Ph 02 9975 2799 Fax 02 9975 2799          :)
------------------------------------------------------------------

On Thursday, 16 January 2003 12:31 PM, Tim Robinson wrote:

>Just have the [search] context and db value on the results.tpl
>page.
>
>
>On page results.tpl:
>
>[search db=test.db&etc]
>[founditems]
>stuff
>[/founditems]
>[/search]
>
>The form post will not have any other values in the URL.
>
>Regards,
>Tim
>--
>Tim Robinson
>IDFK Web Developments
>tim@idfk.com.au
>114a/40 Yeo Street
>Neutral Bay 2089
>Australia
>Phone +612 9908 2134
>Fax +612 9908 4837
>
>> From: Marko Bernyk
>> Reply-To: (WebCatalog Talk)
>> Date: 16 Jan 2003 12:20:35 +1100
>> To: (WebCatalog Talk)
>> Subject: [ReturnRaw] and hiding FORM data
>>
>> What I want to do is perform a [ReturnRaw] command that will perform exactly
>> as pressing a Submit button on a form. Including the new page url not
>> containing the search data!
>>
>> eg: here is an example form
>>
>>
>> Now you can also use the full url to get the same search result as the FORM:
>> http://192.168.1.1/Results.tpl$search?db=test.db&vat1=1&var2=2&var3=3
>>
>> but the FORM has the added advantage of hiding the data in the search request.
>> The FORM opens up a result page and it just displays
>> http://192.168.1.1/Results.tpl$search as the url.
>>
>> So now you know the result I want, here is the reason:
>> But putting the Search query in a FORM you can hide the result page search
>> Data - but the data is still in the HTML code of the referrer page as FORM
>> syntax - anyone can read this as source.
>>
>> By using a [ReturnRaw] command you can hide all search commands in a page
>> that:
>> 1) never shows the commands in a URL,
>> 2) is never part of the referer page source
>> and best of all
>> 3) nobody can ever see the search code as the page that contains the code is a
>> [ReturnRaw] page and will always be processed as a web page and never have any
>> source.
>>
>>
>> So my Test of [ReturnRaw] is this:
>> (Note Mac users need to save file as DOS style text, as DOS carriage returns
>> are needed for this to work)
>>
>> [returnraw]HTTP/1.0 302 Found
>> Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3
>>
>> [/returnraw]
>>
>> From what I can gather [ReturnRaw] is a redirect result (using Code 302)
>> forcing the browser to jump to the link in 'Location:', It is not a request
>> for a url!
>>
>> I determined this using EtherPeek and looking up w3.org file
>> http://www.ietf.org/rfc/rfc2616.txt - Page 135 Section 14.30
>> My EtherPeek packet result for the FORM being processed is:
>> Command: POST
>> URI: /Results.tpl$search
>> Version: HTTP/1.1
>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>> Referer: http://192.168.1.1/test.tpl
>> Accept-Language: en-au
>> Content-Type: application/x-www-form-urlencoded
>> Accept-Encoding: gzip, deflate
>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
>> Host: brains.conexus.com.au
>> Content-Length: 45
>> Connection: Keep-Alive
>> Cache-Control: no-cache
>>
>> Line 1: db=test.db&var1=1&var2=2&var3=3&Submit=Submit
>>
>> --END--
>>
>>
>> How would you code a [ReturnRaw] for the FORM above to get a result page with
>> NO search data in the URL?
>> What Other commands can be used in the [ReturnRaw]
>>
>>
>> --
>> Regards,
>> Marko
>> ------------------------------------------------------------------
>> Marko Bernyk - Senior System Engineer
>> mailto:marko@conexus.com.au  http://www.conexus.com.au
>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>> Ph 02 9975 2799 Fax 02 9975 2799          :)
>> ------------------------------------------------------------------
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>>
>> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: [ReturnRaw] and hiding FORM data (Kenneth Grome 2003)
  2. Re: [ReturnRaw] and hiding FORM data (Kenneth Grome 2003)
  3. Re: [ReturnRaw] and hiding FORM data (Kenneth Grome 2003)
  4. Re: [ReturnRaw] and hiding FORM data (Kenneth Grome 2003)
  5. Re: [ReturnRaw] and hiding FORM data (Kenneth Grome 2003)
  6. Re: [ReturnRaw] and hiding FORM data (Marko Bernyk 2003)
  7. Re: [ReturnRaw] and hiding FORM data (Tim Robinson 2003)
  8. Re: [ReturnRaw] and hiding FORM data (Marko Bernyk 2003)
  9. Re: [ReturnRaw] and hiding FORM data (Marko Bernyk 2003)
  10. Re: [ReturnRaw] and hiding FORM data (Clayton Randall 2003)
  11. Re: [ReturnRaw] and hiding FORM data (Marko Bernyk 2003)
  12. Re: [ReturnRaw] and hiding FORM data (Tim Robinson 2003)
  13. [ReturnRaw] and hiding FORM data (Marko Bernyk 2003)
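
An added example, not part of the original thread and not WebDNA code: it parses the 302 response and the captured POST body quoted in the message above, showing that in both cases the `db` and `var` fields are delivered to or sent by the browser, and sketches a server-side role check as a control that does not rely on hiding them. The `ALLOWED_DBS` table and the role names are hypothetical; the parser is deliberately strict about CRLF line endings.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed from the thread: the raw response of the [returnraw] test
# (CRLF line endings, as the post notes) and the captured POST body.
RAW_302 = (b"HTTP/1.0 302 Found\r\n"
           b"Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3\r\n"
           b"\r\n")
POST_BODY = b"db=test.db&var1=1&var2=2&var3=3&Submit=Submit"

def parse_raw_response(raw):
    """Split a raw HTTP response into (status_code, headers dict)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block must end with a blank CRLF line")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def fields_seen_by_client_302(raw):
    """Search fields the browser receives in the redirect's Location header."""
    status, headers = parse_raw_response(raw)
    if status != 302 or "location" not in headers:
        return {}
    query = urlsplit(headers["location"]).query
    return {k: v[0] for k, v in parse_qs(query).items()}

def fields_seen_by_client_post(body):
    """Search fields the browser itself sends in a form POST body."""
    return {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}

# Hypothetical server-side policy: which databases each role may search.
ALLOWED_DBS = {"guest": {"catalog.db"}, "member": {"catalog.db", "test.db"}}

def authorize_search(role, fields):
    """Decide on the server whether this session may search the requested db."""
    return fields.get("db") in ALLOWED_DBS.get(role, set())

if __name__ == "__main__":
    print("via 302 Location:", fields_seen_by_client_302(RAW_302))
    print("via POST body:   ", fields_seen_by_client_post(POST_BODY))
    print("guest may search test.db:",
          authorize_search("guest", fields_seen_by_client_post(POST_BODY)))
```

The role passed to `authorize_search` must come from server-side session state, never from a request field.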