On Tuesday, May 28, 2002 10:43 AM Michiel Meeuwissen wrote: > Daniel Ockeloen <[EMAIL PROTECTED]> wrote: > > Is there any way to add/use crc's for urls in the taglibs (mm:url and i > > guess mm:import) to allow us to sign > > mm:import??? I think you mean mm:include and descendants. > > > generated urls ?. The reason i ask is that its now possible to 'play' with > > the url and change nodenumbers, > > actions etc etc. If this is not in 1.5 i would like to see this implemented > > in 1.6 since its needed to create > > safe and stable websites that are script-kiddie proof. As a bonus we could > > than also 'scramble' the url so that > > we can hide how things work (not that we all want that but still). > > It is not possible now. > > Perhaps it would be nice, to have it. On the other hand I don't think > it should really be necessary. Information which is 'private' should > simply be protected by the security system, and if it is not private, > let him have his laugh. If he feeds a page wrong arguments, the > script-kiddy will simply see Exceptions (you can even switch that of, > if you want to obfuscate him). > > So the only thing which stays, I think, is that he can try to generate > absurdly large pages or so, but perhaps generally the pages themselfes > should not allow this? > > > Michiel ok, officially pages should validate their arguments, but crc checking the url makes live a lot easier. Don't know how difficult it is to implement it, but if it's not that difficult, I think it's a handy instrument to protect a server against kiddies fooling around.
Wilbert Hengst - [EMAIL PROTECTED] VPRO-Digitaal - www.vpro.nl Phone: +31-35-6712728 Fax:+31-35-6712733 Visit: Mediapark, Sumatralaan 45, Hilversum, The Netherlands Mail: P.O.box 11, 1200 JC Hilversum, The Netherlands
