Re: [ReturnRaw] and hiding FORM data
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 46906
interpreted = N
texte = Oh... I should have added this.

I know you can have a results.tpl as a form and pass items to it with fake field names and have the result page do the [search] with the real field names.
This would then hide the WebDNA fields as the results page is parsed.

It is not just FORM search data I'm trying to hide.
Links generated from WebDNA also display the '&field' names.

This still does not tell me how to use [ReturnRaw] to do it.

-- 
Regards,
Marko
------------------------------------------------------------------
Marko Bernyk - Senior System Engineer
mailto:marko@conexus.com.au  http://www.conexus.com.au
Technical Services, Conexus Pty Ltd, Sydney, Australia
Ph 02 9975 2799    Fax 02 9975 2799                             :)
------------------------------------------------------------------

On Thursday, 16 January 2003 4:22 PM, Marko Bernyk wrote:
>Clayton,
>
>WebDNA code like [WebDNA] are parsed correctly for variables or
>for return items in a [founditems]
>
>It is not the [WebDNA] code I'm worried about, but the form or
>database field names. The data returned from Parsing is only for 1 record.
>By hiding the Form data in a [ReturnRaw] you get nothing shown
>in the original page source or the result page or URL for the
>search.
>
>Take a look at my example form here:
>
>
>
>this is the same as a url link:
>/Results.tpl$search?db=test.db&var1=1&var2=2&var3=3
>
>
>sample [WebDNA]: [var1] = Hello     [var2] = World     [var3] =
>Private
>
>If I was using [WebDNA] with the sample FORM code would look like:
>
>
>would look like this in the HTML source
>
>
>this is the same as a url link:
>/Results.tpl$search?db=test.db&var1=Hello&var2=World&var3=Private
>
>from here people can see that you are using a database
>'test.db' and there are fields you can do a search on called
>'var1', 'var2', 'var3'
>
>so anyone who knows WebDNA can generate a url to do this:
>/Results.tpl$search?db=test.db&gevar3=0&var3sort=1&var3sdir=as
>
>You can get this information from the Form Data in ANY html page!
>Just go to a web page that has a form then from the menu select
>view source - form data is shown
>
>Now these are just examples of what can be done. I do not want
>criticism on the example FORM
>
>I just want to use [ReturnRaw] to pass FORM Data just like a
>normal form would... but all the DATA is invisible as the
>[ReturnRaw] is a WebDNA parsed result, not some sort of link
>like a FORM on a page you can view the source of.
>
>-- 
>Regards,
>Marko
>------------------------------------------------------------------
>Marko Bernyk - Senior System Engineer
>mailto:marko@conexus.com.au  http://www.conexus.com.au
>Technical Services, Conexus Pty Ltd, Sydney, Australia
>Ph 02 9975 2799    Fax 02 9975 2799                             :)
>------------------------------------------------------------------
>
>On Thursday, 16 January 2003 3:31 PM, Clayton Randall  wrote:
>>If the code is webcat code, and the webdna processor properly parses
>>the file, there is no source shown to the browser, it is just a plain
>>webpage.
>>
>>On Wednesday, January 15, 2003, at 11:28  PM, Marko Bernyk
>>wrote:
>>
>>> Thanks Tim...
>>>
>>> But it still does not satisfy my request in part 2)
>>>
>>>>> By using a [ReturnRaw] command you can hide all search commands in a page
>>>>> that:
>>>>> 1) never shows the commands in a URL,
>>>>> 2) is never part of the referer page source
>>>>> and best of all
>>>>> 3) nobody can ever see the search code as the page that contains the code is a
>>>>> [ReturnRaw] page and will always be processed as a web page and never have any
>>>>> source.
>>>
>>> The FORM data is still part of the referer page ie: the page you click
>>> on to do the search.
>>>
>>> By using [ReturnRaw] I would not have ANY data showing on any pages
>>> source or URL!
>>> This increases security of data hackers using your search code to get
>>> Information out of databases they should not have access to.
>>> eg: Normal users vs members, or Different levels of Admin rights to a
>>> database.
>>> This also would mean that certain databases do not have to be
>>> duplicated if 90% of the data is the same.
>>>
>>> -- 
>>> Regards,
>>> Marko
>>> ------------------------------------------------------------------
>>> Marko Bernyk - Senior System Engineer
>>> mailto:marko@conexus.com.au  http://www.conexus.com.au
>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>> Ph 02 9975 2799    Fax 02 9975 2799                             :)
>>> ------------------------------------------------------------------
>>>
>>> On Thursday, 16 January 2003 12:31 PM, Tim Robinson
>>> wrote:
>>>> Just have the [search] context and db value on the results.tpl
>>>> page.
>>>>
>>>>
>>>>
>>>> On page results.tpl:
>>>>
>>>> [search db=test.db&etc]
>>>> [founditems]
>>>> stuff
>>>> [/founditems]
>>>> [/search]
>>>>
>>>> The form post will not have any other values in the URL.
>>>>
>>>> Regards,
>>>> Tim
>>>> -- 
>>>> Tim Robinson
>>>> IDFK Web Developments
>>>> tim@idfk.com.au
>>>> 114a/40 Yeo Street
>>>> Neutral Bay 2089
>>>> Australia
>>>> Phone +612 9908 2134
>>>> Fax +612 9908 4837
>>>>
>>>>> From: Marko Bernyk
>>>>> Reply-To:  (WebCatalog Talk)
>>>>> Date: 16 Jan 2003 12:20:35 +1100
>>>>> To:  (WebCatalog Talk)
>>>>> Subject: [ReturnRaw] and hiding FORM data
>>>>>
>>>>> What I want to do is perform a [ReturnRaw] command that will perform exactly
>>>>> as pressing a Submit button on a form. Including the new page url not
>>>>> containing the search data!
>>>>>
>>>>> eg: here is an example form
>>>>>
>>>>>
>>>>> Now you can also use the full url to get the same search result as the FORM:
>>>>> http://192.168.1.1/Results.tpl$search?db=test.db&var1=1&var2=2&var3=3
>>>>>
>>>>> but the FORM has the added advantage of hiding the data in the search request.
>>>>> The FORM opens up a result page and it just displays
>>>>> http://192.168.1.1/Results.tpl$search as the url.
>>>>>
>>>>> So now you know the result I want, here is the reason:
>>>>> By putting the Search query in a FORM you can hide the result page search
>>>>> Data - but the data is still in the HTML code of the referrer page as FORM
>>>>> syntax - anyone can read this as source.
>>>>>
>>>>> By using a [ReturnRaw] command you can hide all search commands in a page
>>>>> that:
>>>>> 1) never shows the commands in a URL,
>>>>> 2) is never part of the referer page source
>>>>> and best of all
>>>>> 3) nobody can ever see the search code as the page that contains the code is a
>>>>> [ReturnRaw] page and will always be processed as a web page and never have any
>>>>> source.
>>>>>
>>>>>
>>>>> So my Test of [ReturnRaw] is this:
>>>>> (Note Mac users need to save file as DOS style text, as DOS carriage returns
>>>>> are needed for this to work)
>>>>>
>>>>> [returnraw]HTTP/1.0 302 Found
>>>>> Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3
>>>>>
>>>>> [/returnraw]
>>>>>
>>>>> From what I can gather [ReturnRaw] is a redirect result (using Code 302)
>>>>> forcing the browser to jump to the link in 'Location:' , It is not a request
>>>>> for a url!
>>>>>
>>>>> I determined this using Etherpeek and looking up w3.org file
>>>>> http://www.ietf.org/rfc/rfc2616.txt - Page 135 Section 14.30
>>>>> My EtherPeek packet result for the FORM being processed is:
>>>>> Command: POST
>>>>> URI: /Results.tpl$search
>>>>> Version: HTTP/1.1
>>>>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>>>>> Referer: http://192.168.1.1/test.tpl
>>>>> Accept-Language: en-au
>>>>> Content-Type: application/x-www-form-urlencoded
>>>>> Accept-Encoding: gzip, deflate
>>>>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
>>>>> Host: brains.conexus.com.au
>>>>> Content-Length: 45
>>>>> Connection: Keep-Alive
>>>>> Cache-Control: no-cache
>>>>>
>>>>> Line  1: db=test.db&var1=1&var2=2&var3=3&Submit=Submit
>>>>>
>>>>> --END--
>>>>>
>>>>>
>>>>> How would you code a [ReturnRaw] for the FORM above to get a result page with
>>>>> NO search data in the URL?
>>>>> What Other commands can be used in the [ReturnRaw]
>>>>>
>>>>>
>>>>> -- 
>>>>> Regards,
>>>>> Marko
>>>>> ------------------------------------------------------------------
>>>>> Marko Bernyk - Senior System Engineer
>>>>> mailto:marko@conexus.com.au  http://www.conexus.com.au
>>>>> Technical Services, Conexus Pty Ltd, Sydney, Australia
>>>>> Ph 02 9975 2799    Fax 02 9975 2799                             :)
>>>>> ------------------------------------------------------------------

-------------------------------------------------------------
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
Web Archive of this list is at: http://webdna.smithmicro.com/
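
Added example, not part of the thread and not WebDNA code: a results handler that pins the database itself and accepts only aliased fields (the server-side form of Tim's suggestion and of the fake-field-name idea above), plus a helper that lists the parameter names a client can read from a raw 302 like the [ReturnRaw] test. The alias names q1/q2 and all function names are assumptions; the inputs are constructed from the shapes shown in the thread.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hypothetical public aliases -> real field names from the thread's test.db example.
# var3 ("Private" in the thread) has no alias, so no client request can reach it.
ALIASES = {"q1": "var1", "q2": "var2"}
PINNED = [("db", "test.db")]   # chosen by the server, never taken from the client
IGNORED = {"Submit"}           # submit-button name, carries no search meaning


def build_search(client_query):
    """Return (search string to run server-side, client keys that were refused)."""
    accepted, refused = list(PINNED), []
    seen = set()
    for key, value in parse_qsl(client_query, keep_blank_values=True):
        if key in IGNORED:
            continue
        real = ALIASES.get(key)
        if real is None or real in seen:
            refused.append(key)      # unknown key, real field name, or a repeat
            continue
        seen.add(real)
        accepted.append((real, value))
    return urlencode(accepted), refused


def fields_visible_in_redirect(raw_response):
    """Parameter names a client learns from the Location header of a raw 302."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return [k for k, _ in parse_qsl(urlsplit(value.strip()).query)]
    return []


# Constructed inputs, following the shapes shown in the thread.
REDIRECT = ("HTTP/1.0 302 Found\r\n"
            "Location: /Results.tpl$search?db=catalog.db&var1=1&var2=2&var3=3\r\n\r\n")
CRAFTED = "db=test.db&gevar3=0&var3sort=1&var3sdir=as"
LEGIT = "q1=Hello&q2=World&Submit=Submit"

if __name__ == "__main__":
    print(fields_visible_in_redirect(REDIRECT))  # names sent to the browser
    print(build_search(LEGIT))                   # aliases mapped to real fields
    print(build_search(CRAFTED))                 # every client-chosen key refused
```

The redirect hands the field names to the browser in the Location header, so what protects var3 is the allowlist on the server, not where the names are kept.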