Re: Where is the secure setting for text variables?
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 54709
interpreted = N
texte = On 12/6/03 2:22 AM, "CN Stuff"
wrote:> I was thinking I could pass something from the previous page that was> required on the posted page I could somehow thwart this loser. I guess> I will just go with the referrer.> > Thanks> > DaleDale if you really want to stop this try this logic.On the submittal page, have a search tag that searches a key database.The database is simple..One fieldSKU KEY1 23456787654That's it. The number is random.Set a trigger to be called say every 30 minutes or so that just calls a pagethat simply does 2 things:replaces sku record 1 with a random number.The replaces a key.inc that sits in globals or somewhere standard for youwith the same number.Then on the form page the inc file is inserted into a variable and on thesubmittal the search string simply checks the key db against the value ofthe key.incWhalla randomly rotating key number that updates itself automatically.There is a very small chance that someone who got the form before the numberchanged when submitting it would get a mismatched number.This is easily resolved, if you're really concerned about it, by simplyusing 2 numbers in the key.db.The 1 sku is the new number, and the 2 sku is the 1 sku moved down as numberone is changed. This guarantees you will never get mismatched failure and itis pretty much as simple and secure.HTHAlexAlex J McCombie New World MediaChief Information Officer Box 124888/892.6379 MartVille, NY 13111Alex@NewWorldMedia.com http://OurClients.comInterface Designer WebDNA Programmer Database Designer-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
On 12/6/03 2:22 AM, "CN Stuff" wrote:> I was thinking I could pass something from the previous page that was> required on the posted page I could somehow thwart this loser. I guess> I will just go with the referrer.> > Thanks> > DaleDale if you really want to stop this try this logic.On the submittal page, have a search tag that searches a key database.The database is simple..One fieldSKU KEY1 23456787654That's it. The number is random.Set a trigger to be called say every 30 minutes or so that just calls a pagethat simply does 2 things:replaces sku record 1 with a random number.The replaces a key.inc that sits in globals or somewhere standard for youwith the same number.Then on the form page the inc file is inserted into a variable and on thesubmittal the search string simply checks the key db against the value ofthe key.incWhalla randomly rotating key number that updates itself automatically.There is a very small chance that someone who got the form before the numberchanged when submitting it would get a mismatched number.This is easily resolved, if you're really concerned about it, by simplyusing 2 numbers in the key.db.The 1 sku is the new number, and the 2 sku is the 1 sku moved down as numberone is changed. This guarantees you will never get mismatched failure and itis pretty much as simple and secure.HTHAlexAlex J McCombie New World MediaChief Information Officer Box 124888/892.6379 MartVille, NY 13111Alex@NewWorldMedia.com http://OurClients.comInterface Designer WebDNA Programmer Database Designer-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Alex McCombie
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Showing unopened cart (1997)
webcat2b12 CGI -- Date comparisons (1997)
Shipping rate x Quantity solution needed (2000)
Exists? (1997)
How to append text after the sign & (1997)
2.0Beta Command Ref (can't find this instruction) (1997)
One more browser problem to watch out for... (1997)
unable to launch acgi in WebCat (1997)
Generating a random image, but avoiding repeated images. (1999)
Search group and ww (2003)
ooops...WebCatalog [FoundItems] Problem - LONG - (1997)
[WebDNA] export db data for importing into Microsoft Outlook calendar? (2011)
grouped fields? (1999)
spreadsheet interface (1998)
How To question on setting up downloads (1997)
too many nested tags ... (1997)
Forumulas.db & Variables (2002)
international time (1997)
auto adding SKUs w/DB helper (1998)
WebCat2b12 Mac.acgi--[searchstring] bug (1997)