Re: Where is the secure setting for text variables?
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 54714
interpreted = N
texte =
The problem is that some legitimate browsers may not send the referrer at all and you could turn away good business.

- brian

On Dec 6, 2003, at 11:04 AM, Dan Strong wrote:

> Why not (on the landing page):
> [hideif [referrer]=[the_value_of_[this_url]_on "the_form.html"]]
> [redirect the_form.html]
> [/hideif]
>
> Is it that someone could fake out a 'referer' MIME header and beat it?
>
> -Dan
>
>
> On Sat, 06 Dec 2003 10:26:19 -0500
> Alex McCombie wrote:
>> On 12/6/03 2:22 AM, "CN Stuff" wrote:
>>
>>> I was thinking I could pass something from the previous page that was
>>> required on the posted page I could somehow thwart this loser. I guess
>>> I will just go with the referrer.
>>> Thanks
>>> Dale
>>
>> Dale if you really want to stop this try this logic.
>>
>> On the submittal page, have a search tag that searches a key database.
>> The database is simple..
>>
>> One field
>> SKU KEY
>> 1 23456787654
>>
>>
>> That's it. The number is random.
>>
>> Set a trigger to be called say every 30 minutes or so that just calls a page
>> that simply does 2 things:
>>
>> replaces sku record 1 with a random number.
>>
>> Then replaces a key.inc that sits in globals or somewhere standard for you
>> with the same number.
>>
>> Then on the form page the inc file is inserted into a variable and on the
>> submittal the search string simply checks the key db against the value of
>> the key.inc
>>
>> Voilà, randomly rotating key number that updates itself automatically.
>>
>> There is a very small chance that someone who got the form before the number
>> changed when submitting it would get a mismatched number.
>>
>> This is easily resolved, if you're really concerned about it, by simply
>> using 2 numbers in the key.db.
>>
>> The 1 sku is the new number, and the 2 sku is the 1 sku moved down as number
>> one is changed. This guarantees you will never get mismatched failure and it
>> is pretty much as simple and secure.
>>
>> HTH
>> Alex
>>
>>
>> Alex J McCombie New World Media
>> Chief Information Officer Box 124
>> 888/892.6379 MartVille, NY 13111
>> Alex@NewWorldMedia.com http://OurClients.com
>>
>> Interface Designer WebDNA Programmer Database Designer
>

-- Brian Fries, BrainScan Software -- http://www.brainscansoftware.com
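
The two-slot rotating key described in the quoted message, as an added example that is not part of the original thread and is written in Python rather than WebDNA. The class and function names are hypothetical, and a hex string from a CSPRNG stands in for the random number.

```python
import hmac
import secrets


class RotatingFormKey:
    """Two-slot key store: slot 1 = current key, slot 2 = previous key."""

    def __init__(self):
        self.current = secrets.token_hex(16)   # stands in for SKU 1 in key.db
        self.previous = None                   # stands in for SKU 2 in key.db

    def rotate(self):
        """What the scheduled trigger does: move slot 1 down, write a new slot 1."""
        self.previous = self.current
        self.current = secrets.token_hex(16)

    def key_for_form(self):
        """Value embedded in the form as a hidden field (the key.inc role)."""
        return self.current

    def is_valid(self, submitted):
        """Accept the current or the previous key, comparing in constant time."""
        if not isinstance(submitted, str) or not submitted:
            return False
        candidates = [k for k in (self.current, self.previous) if k is not None]
        # Evaluate every candidate so timing does not reveal which slot matched.
        results = [hmac.compare_digest(submitted.encode(), k.encode())
                   for k in candidates]
        return any(results)


def demo():
    """Constructed walk-through: returns the outcome of each submission."""
    store = RotatingFormKey()
    token = store.key_for_form()          # visitor loads the form
    outcomes = {"same_window": store.is_valid(token)}
    store.rotate()                        # trigger fires while the form is open
    outcomes["after_one_rotation"] = store.is_valid(token)
    store.rotate()                        # second rotation: token is now too old
    outcomes["after_two_rotations"] = store.is_valid(token)
    outcomes["missing_field"] = store.is_valid("")        # POST without a key
    outcomes["guessed_value"] = store.is_valid("23456787654")
    return outcomes


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The key is shared by every visitor within a rotation window, as in the scheme described, so a match shows only that the sender loaded the form within the last two windows.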