Re: [ReturnRaw] and hiding FORM data
This WebDNA talk-list message is from 2003
If the code is webcat code, and the webdna processor properly parses the file, there is no source shown to the browser, it is just a plain webpage.

On Wednesday, January 15, 2003, at 11:28 PM, Marko Bernyk wrote:

> Thanks Tim...
>
> But it still does not satisfy my request in part 2)
>
>>> By using a [ReturnRaw] command you can hide all search commands in a page that:
>>> 1) never shows the commands in a URL,
>>> 2) is never part of the referer page source
>>> and best of all
>>> 3) nobody can ever see the search code as the page that contains the code is a
>>> [ReturnRaw] page and will always be processed as a web page and never have any source.
>
> The FORM data is still part of the referer page ie: the page you click on to do the search.
>
> By using [ReturnRaw] I would not have ANY data showing on any pages source or URL!
> This increases security of data hackers using your search code to get
> Information out of databases they should not have access to.
> eg: Normal users vs members, or Different levels of Admin rights to a database.
> This also would mean that certain databases don't have to be
> duplicated if 90% of the data is the same.
>
> --
> Regards,
> Marko
> ------------------------------------------------------------------
> Marko Bernyk - Senior System Engineer
> mailto:marko@conexus.com.au http://www.conexus.com.au
> Technical Services, Conexus Pty Ltd, Sydney, Australia
> Ph 02 9975 2799 Fax 02 9975 2799 :)
> ------------------------------------------------------------------
>
> On Thursday, 16 January 2003 12:31 PM, Tim Robinson wrote:
>
>> Just have the [search] context and db value on the results.tpl page.
>>
>> On page results.tpl:
>>
>> [search db=test.db&etc]
>> [founditems]
>> stuff
>> [/founditems]
>> [/search]
>>
>> The form post will not have any other values in the URL.
>>
>> Regards,
>> Tim
>> --
>> Tim Robinson
>> IDFK Web Developments
>> tim@idfk.com.au
>> 114a/40 Yeo Street
>> Neutral Bay 2089
>> Australia
>> Phone +612 9908 2134
>> Fax +612 9908 4837
>>
>>> From: Marko Bernyk
>>> Reply-To: (WebCatalog Talk)
>>> Date: 16 Jan 2003 12:20:35 +1100
>>> To: (WebCatalog Talk)
>>> Subject: [ReturnRaw] and hiding FORM data
>>>
>>> What I want to do is perform a [ReturnRaw] command that will perform exactly
>>> as pressing a Submit button on a form. Including the new page url not
>>> containing the search data!
>>>
>>> eg: here is an example form
>>>
>>> Now you can also use the full url to get the same search result as the FORM:
>>> http://192.168.1.1/Results.tpl$search?db=test.db&vat1=1&var2=2&var3=3
>>>
>>> but the FORM has the added advantage of hiding the data in the search request.
>>> The FORM opens up a result page and it just displays
>>> http://192.168.1.1/Results.tpl$search as the url.
>>>
>>> So now you know the result I want, here is the reason:
>>> But putting the Search query in a FORM you can hide the result page search
>>> Data - but the data is still in the HTML code of the referrer page as FORM
>>> syntax - anyone can read this as source.
>>>
>>> By using a [ReturnRaw] command you can hide all search commands in a page that:
>>> 1) never shows the commands in a URL,
>>> 2) is never part of the referer page source
>>> and best of all
>>> 3) nobody can ever see the search code as the page that contains the code is a
>>> [ReturnRaw] page and will always be processed as a web page and never have any source.
>>>
>>> So my Test of [ReturnRaw] is this:
>>> (Note Mac users need to save file as DOS style text, as DOS carriage returns
>>> are needed for this work)
>>>
>>> [returnraw]HTTP/1.0 302 Found
>>> Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3
>>>
>>> [/returnraw]
>>>
>>> From what I can gather [ReturnRaw] is a redirect result (using Code 302)
>>> forcing the browser to jump to the link in 'Location:' , It is not a request
>>> for a url!
>>>
>>> I determined this using Etherpeek and looking up w3.org file
>>> http://www.ietf.org/rfc/rfc2616.txt - Page 135 Section 14.30
>>> My EtherPeek packet result for the FORM being processed is:
>>> Command: POST
>>> URI: /Results.tpl$search
>>> Version: HTTP/1.1
>>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>>> Referer: http://192.168.1.1/test.tpl
>>> Accept-Language: en-au
>>> Content-Type: application/x-www-form-urlencoded
>>> Accept-Encoding: gzip, deflate
>>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
>>> Host: brains.conexus.com.au
>>> Content-Length: 45
>>> Connection: Keep-Alive
>>> Cache-Control: no-cache
>>>
>>> Line 1: db=test.db&var1=1&var2=2&var3=3&Submit=Submit
>>>
>>> --END--
>>>
>>> How would you code a [ReturnRaw] for the FORM above to get a result page with
>>> NO search data in the URL?
>>> What Other commands can be used in the [ReturnRaw]
>>>
>>> --
>>> Regards,
>>> Marko
>>> ------------------------------------------------------------------
>>> Marko Bernyk - Senior System Engineer
>>> mailto:marko@conexus.com.au http://www.conexus.com.au
>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>>> ------------------------------------------------------------------
>>>
>>> -------------------------------------------------------------
>>> This message is sent to you because you are subscribed to
>>> the mailing list .
>>> To unsubscribe, E-mail to:
>>> To switch to the DIGEST mode, E-mail to
>>> Web Archive of this list is at: http://webdna.smithmicro.com/
Clayton Randall
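
The following is an added example, not code from the thread or from WebDNA. It parses the [ReturnRaw] 302 response quoted above to show that everything in the Location header is delivered to the browser, then applies a server-side check to the db value from the captured POST body. The role names and the ALLOWED_DBS policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Raw response from the [ReturnRaw] test in the thread (CRLF line endings).
RAW_302 = (
    "HTTP/1.0 302 Found\r\n"
    "Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3\r\n"
    "\r\n"
)

# POST body from the EtherPeek capture in the thread.
POST_BODY = "db=test.db&var1=1&var2=2&var3=3&Submit=Submit"


def client_visible_params(raw_response):
    """Return the query parameters a client receives in a redirect's Location."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    if not status_line.split()[1].startswith("3"):
        return {}  # not a redirect, so no Location to follow
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    query = urlsplit(headers.get("location", "")).query
    return {key: values[0] for key, values in parse_qs(query).items()}


# Hypothetical policy (assumption): which databases each role may search.
# It lives on the server, so it does not depend on what the page source shows.
ALLOWED_DBS = {"guest": {"catalog.db"}, "member": {"catalog.db", "test.db"}}


def authorize_search(role, submitted):
    """Return the parsed search parameters, or None if the role may not use db."""
    params = {key: values[0] for key, values in parse_qs(submitted).items()}
    if params.get("db", "") not in ALLOWED_DBS.get(role, set()):
        return None  # db is client-supplied; refuse anything outside the policy
    return params


if __name__ == "__main__":
    print(client_visible_params(RAW_302))
    print(authorize_search("guest", POST_BODY))
    print(authorize_search("member", POST_BODY))
```
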