Re: [ReturnRaw] and hiding FORM data
This WebDNA talk-list message is from 2003
It keeps the original formatting.
Clayton,

WebDNA code like [WebDNA] is parsed correctly for variables or for return items in a [founditems].

It is not the [WebDNA] code I'm worried about, but the form or database field names. The data returned from parsing is only for 1 record.

By hiding the Form data in a [ReturnRaw] you get nothing shown in the original page source or the result page or URL for the search.

Take a look at my example form here:

this is the same as a url link: /Results.tpl$search?db=test.db&var1=1&var2=2&var3=3

sample [WebDNA]: [var1] = Hello [var2] = World [var3] = Private

If I was using [WebDNA] with the sample FORM, the code would look like:

would look like this in the HTML source

this is the same as a url link: /Results.tpl$search?db=test.db&var1=Hello&var2=World&var3=Private

from here people can see that you are using a database 'test.db' and there are fields you can do a search on called 'var1', 'var2', 'var3'

so anyone who knows WebDNA can generate a url to do this:
/Results.tpl$search?db=test.db&gevar3=0&var3sort=1&var3sdir=as

You can get this information from the Form Data in ANY html page!
Just go to a web page that has a form, then from the menu select view source - form data is shown.

Now these are just examples of what can be done. I do not want criticism on the example FORM.
I just want to use [ReturnRaw] to pass FORM Data just like a normal form would... but all the DATA is invisible as the [ReturnRaw] is a WebDNA parsed result, not some sort of link like a FORM on a page you can view the source of.

-- 
Regards,
Marko
------------------------------------------------------------------
Marko Bernyk - Senior System Engineer
mailto:marko@conexus.com.au http://www.conexus.com.au
Technical Services, Conexus Pty Ltd, Sydney, Australia
Ph 02 9975 2799 Fax 02 9975 2799 :)
------------------------------------------------------------------

On Thursday, 16 January 2003 3:31 PM, Clayton Randall wrote:
> If the code is webcat code, and the webdna processor properly parses
> the file, there is no source shown to the browser, it is just a plain
> webpage.
>
> On Wednesday, January 15, 2003, at 11:28 PM, Marko Bernyk wrote:
>
>> Thanks Tim...
>>
>> But it still does not satisfy my request in part 2)
>>
>>>> By using a [ReturnRaw] command you can hide all search commands in a page
>>>> that:
>>>> 1) never shows the commands in a URL,
>>>> 2) is never part of the referer page source
>>>> and best of all
>>>> 3) nobody can ever see the search code as the page that contains the code is a
>>>> [ReturnRaw] page and will always be processed as a web page and never have any
>>>> source.
>>
>> The FORM data is still part of the referer page ie: the page you click on to do the search.
>>
>> By using [ReturnRaw] I would not have ANY data showing on any page's source or URL!
>> This increases security against data hackers using your search code to get
>> Information out of databases they should not have access to.
>> eg: Normal users vs members, or Different levels of Admin rights to a database.
>> This also would mean that certain databases don't have to be duplicated if 90% of the data is the same.
>>
>> -- 
>> Regards,
>> Marko
>> ------------------------------------------------------------------
>> Marko Bernyk - Senior System Engineer
>> mailto:marko@conexus.com.au http://www.conexus.com.au
>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>> ------------------------------------------------------------------
>>
>> On Thursday, 16 January 2003 12:31 PM, Tim Robinson wrote:
>>> Just have the [search] context and db value on the results.tpl
>>> page.
>>>
>>> 
>>>
>>> On page results.tpl:
>>>
>>> [search db=test.db&etc]
>>> [founditems]
>>> stuff
>>> [/founditems]
>>> [/search]
>>>
>>> The form post will not have any other values in the URL.
>>>
>>> Regards,
>>> Tim
>>> -- 
>>> Tim Robinson
>>> IDFK Web Developments
>>> tim@idfk.com.au
>>> 114a/40 Yeo Street
>>> Neutral Bay 2089
>>> Australia
>>> Phone +612 9908 2134
>>> Fax +612 9908 4837
>>>
>>>> From: Marko Bernyk
>>>> Reply-To: (WebCatalog Talk)
>>>> Date: 16 Jan 2003 12:20:35 +1100
>>>> To: (WebCatalog Talk)
>>>> Subject: [ReturnRaw] and hiding FORM data
>>>>
>>>> What I want to do is perform a [ReturnRaw] command that will perform exactly
>>>> as pressing a Submit button on a form. Including the new page url not
>>>> containing the search data!
>>>>
>>>> eg: here is an example form
>>>> 
>>>>
>>>> Now you can also use the full url to get the same search result as the FORM:
>>>> http://192.168.1.1/Results.tpl$search?db=test.db&vat1=1&var2=2&var3=3
>>>>
>>>> but the FORM has the added advantage of hiding the data in the search request.
>>>> The FORM opens up a result page and it just displays
>>>> http://192.168.1.1/Results.tpl$search as the url.
>>>>
>>>> So now you know the result I want, here is the reason:
>>>> By putting the Search query in a FORM you can hide the result page search
>>>> Data - but the data is still in the HTML code of the referrer page as FORM
>>>> syntax - anyone can read this as source.
>>>>
>>>> By using a [ReturnRaw] command you can hide all search commands in a page
>>>> that:
>>>> 1) never shows the commands in a URL,
>>>> 2) is never part of the referer page source
>>>> and best of all
>>>> 3) nobody can ever see the search code as the page that contains the code is a
>>>> [ReturnRaw] page and will always be processed as a web page and never have any
>>>> source.
>>>>
>>>> So my Test of [ReturnRaw] is this:
>>>> (Note Mac users need to save the file as DOS style text, as DOS carriage returns
>>>> are needed for this to work)
>>>>
>>>> [returnraw]HTTP/1.0 302 Found
>>>> Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3
>>>>
>>>> [/returnraw]
>>>>
>>>> From what I can gather [ReturnRaw] is a redirect result (using Code 302)
>>>> forcing the browser to jump to the link in 'Location:', It is not a request
>>>> for a url!
>>>>
>>>> I determined this using EtherPeek and looking up the w3.org file
>>>> http://www.ietf.org/rfc/rfc2616.txt - Page 135 Section 14.30
>>>> My EtherPeek packet result for the FORM being processed is:
>>>> Command: POST
>>>> URI: /Results.tpl$search
>>>> Version: HTTP/1.1
>>>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>>>> Referer: http://192.168.1.1/test.tpl
>>>> Accept-Language: en-au
>>>> Content-Type: application/x-www-form-urlencoded
>>>> Accept-Encoding: gzip, deflate
>>>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
>>>> Host: brains.conexus.com.au
>>>> Content-Length: 45
>>>> Connection: Keep-Alive
>>>> Cache-Control: no-cache
>>>>
>>>> Line 1: db=test.db&var1=1&var2=2&var3=3&Submit=Submit
>>>>
>>>> --END--
>>>>
>>>> How would you code a [ReturnRaw] for the FORM above to get a result page with
>>>> NO search data in the URL?
>>>> What Other commands can be used in the [ReturnRaw]?
>>>>
>>>> -- 
>>>> Regards,
>>>> Marko
>>>> ------------------------------------------------------------------
>>>> Marko Bernyk - Senior System Engineer
>>>> mailto:marko@conexus.com.au http://www.conexus.com.au
>>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>>> Ph 02 9975 2799 Fax 02 9975 2799 :)
>>>> ------------------------------------------------------------------
>>>>
>>>> -------------------------------------------------------------
>>>> This message is sent to you because you are subscribed to
>>>> the mailing list .
>>>> To unsubscribe, E-mail to: 
>>>> To switch to the DIGEST mode, E-mail to
>>>> 
>>>> Web Archive of this list is at: http://webdna.smithmicro.com/
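To make the two approaches discussed in this thread concrete, here is an added Python example; it is not code from the thread, from WebDNA or from any of the posters. It models Marko's [returnraw] test (a 302 whose Location carries the search fields, which the browser then fetches as a plain GET) beside Tim's suggestion of keeping the [search] context and db value on results.tpl, where the results page copies only the fields it chooses to accept. The captured POST body, the crafted query string and the field names come from the thread; ALLOWED_CLIENT_FIELDS, SERVER_SIDE_SEARCH and the function names are this example's own assumptions, and the idea that gevar3, var3sort and var3sdir act as search modifiers is taken only as far as the thread describes it.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample inputs, using the values quoted in the thread: the POST
# body from the EtherPeek capture, and the query string the thread worries an
# outsider could build once the field names are read from the form's HTML.
CAPTURED_POST_BODY = "db=test.db&var1=1&var2=2&var3=3&Submit=Submit"
CRAFTED_QUERY = "db=test.db&gevar3=0&var3sort=1&var3sdir=as"


def returnraw_redirect(form_body):
    """Model the [returnraw] test from the thread: answer the POST with a 302
    whose Location carries every submitted field.

    The browser follows Location with a GET, so the parameters the form kept
    out of the address bar come straight back into it, into the Referer of
    the next request, and into any proxy or server log."""
    params = parse_qs(form_body, keep_blank_values=True)
    params.pop("Submit", None)  # the button name is not search data
    flat = {name: values[0] for name, values in params.items()}
    return {"status": 302, "Location": "/Results.tpl$search?" + urlencode(flat)}


def render_returnraw(location):
    """Render the redirect as the raw HTTP head a [returnraw] block emits.
    Status line and headers end in CRLF and a blank CRLF line closes the
    head, which is why the thread says the file needs DOS line endings."""
    return "HTTP/1.0 302 Found\r\n" "Location: " + location + "\r\n" "\r\n"


# Assumed allowlist: the fields results.tpl accepts from the client. The
# database name and any sort/direction/comparison modifiers are fixed on the
# server, so it no longer matters that the form markup (and so the field
# names) can be read from the page source.
ALLOWED_CLIENT_FIELDS = ("var1", "var2", "var3")
SERVER_SIDE_SEARCH = {"db": "test.db"}  # lives on results.tpl, never supplied by the client


def build_search(client_query):
    """Model Tim's suggestion: the results page owns the [search] context and
    db value and copies only allowlisted fields from the request.
    Returns (search parameters actually used, rejected field names)."""
    params = parse_qs(client_query, keep_blank_values=True)
    search = dict(SERVER_SIDE_SEARCH)
    rejected = []
    for name, values in params.items():
        if name in ALLOWED_CLIENT_FIELDS:
            search[name] = values[0]
        else:
            rejected.append(name)
    return search, rejected


if __name__ == "__main__":
    redirect = returnraw_redirect(CAPTURED_POST_BODY)
    print("302 approach puts this in the URL:", redirect["Location"])
    print(render_returnraw(redirect["Location"]).encode())
    for query in (CAPTURED_POST_BODY, CRAFTED_QUERY):
        used, dropped = build_search(query)
        print("server-side search uses", used, "and drops", dropped)
```

Run stand-alone, the script shows that the redirect reproduces the full query string in the URL the browser ends up on, while build_search applied to the crafted query keeps only the server's own db value and drops gevar3, var3sort and var3sdir, so the search the user can influence is bounded by the results page rather than by what the form reveals.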