If someone wants to produce erroneous results with your site, they can;
as long as it only affects that user, it is fine. That's what the
default fuseaction is for: to catch any fuseactions not listed and
handle them gracefully. Modifying URL parameters, if you code properly,
is not a problem, since you should always do data integrity checking
and bounds checking to ensure your data is safe.

Jeremy Allen
[EMAIL PROTECTED]


-----Original Message-----
From: Evan Lavidor [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 19, 2000 10:15 PM
To: [EMAIL PROTECTED]
Subject: [CF-Talk] RE: Ben Forta, I call on thee (was: What is Fusebox)
-- Reply to Dave Watts.


From Dave Watts' message:
> a) using Fusebox
> 1. index.cfm?fuseaction=left_nav
> 2. index.cfm?fuseaction=main
> 3. index.cfm?fuseaction=cmd_frame
> 4. index.cfm?fuseaction=data_frame
> 5. index.cfm?fuseaction=socket_frame

A question I've had about Fusebox and security/stability.  In some
enterprise sites I've dealt with I've found it a good practice not to pass
variables along the URL if possible.  It becomes very easy for someone to
"break" the app by altering URLs - something they actually have access to,
as opposed to FORM variables, (or session & client vars, etc.).  If
fuseactions are passed through the URL, doesn't this lead to the same
"instability"?

Evan

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
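
The default-fuseaction and bounds-checking approach discussed in this thread, as an added example that is not part of the original messages or of Fusebox itself. The `dsp_*.cfm` template names, the `page` parameter and its 1 to 500 range are hypothetical; the fuseaction names are the ones from Dave Watts' list.

```cfml
<!--- index.cfm: added illustration of a Fusebox-style dispatcher.
      Template names and the "page" parameter are hypothetical. --->

<!--- Give fuseaction a known value when the URL omits it. --->
<cfparam name="url.fuseaction" default="main">

<!--- Integrity and bounds check on a numeric URL parameter before any
      handler sees it: must be a whole number between 1 and 500. --->
<cfparam name="url.page" default="1">
<cfif NOT isNumeric(url.page)>
    <cfset url.page = 1>
<cfelseif url.page NEQ int(url.page) OR url.page LT 1 OR url.page GT 500>
    <cfset url.page = 1>
</cfif>

<!--- Only listed fuseactions map to a template. The URL value is compared
      against fixed strings and is never used to build a file path. --->
<cfswitch expression="#lCase(trim(url.fuseaction))#">
    <cfcase value="left_nav">
        <cfinclude template="dsp_left_nav.cfm">
    </cfcase>
    <cfcase value="main">
        <cfinclude template="dsp_main.cfm">
    </cfcase>
    <cfcase value="cmd_frame">
        <cfinclude template="dsp_cmd_frame.cfm">
    </cfcase>
    <cfcase value="data_frame">
        <cfinclude template="dsp_data_frame.cfm">
    </cfcase>
    <cfcase value="socket_frame">
        <cfinclude template="dsp_socket_frame.cfm">
    </cfcase>
    <cfdefaultcase>
        <!--- Unlisted or altered fuseaction: fixed response, and the
              submitted value is not echoed back into the page. --->
        <cfheader statuscode="404" statustext="Not Found">
        <cfinclude template="dsp_unknown_action.cfm">
    </cfdefaultcase>
</cfswitch>
```

Authorization still has to be enforced inside each handler; the allowlist only limits which templates a URL can reach.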
