Michael McGrady wrote:
Mike Kienenberger wrote:
Rick Reumann [EMAIL PROTECTED] wrote:
Mike Kienenberger wrote the following on 9/17/2004 2:17 PM:
Any time you allow an end user an opportunity to specify a parameter
for
reflection, you're introducing security concerns.
However, a
Mike Kienenberger wrote the following on 9/17/2004 7:13 PM:
On the other hand, if you're just saying that you can encode your reflection
dispatch name so that /pagemethod=X becomes /a1b2c3d4e5.psc, you've
just made the security more obscure. If someone figures out your encoding,
they can still
Rick Reumann [EMAIL PROTECTED] wrote:
Mike Kienenberger wrote the following on 9/17/2004 2:17 PM:
Any time you allow an end user an opportunity to specify a parameter for
reflection, you're introducing security concerns.
However, a secure version could be created by only allowing a
Mike Kienenberger wrote:
Rick Reumann [EMAIL PROTECTED] wrote:
Mike Kienenberger wrote the following on 9/17/2004 2:17 PM:
Any time you allow an end user an opportunity to specify a parameter for
reflection, you're introducing security concerns.
However, a secure version could