> A question I've had about Fusebox and security/stability. In
> some enterprise sites I've dealt with I've found it a good
> practice not to pass variables along the URL if possible. It
> becomes very easy for someone to "break" the app by altering
> URLs - something they actually have access
> > that you post (e.g., "If you can afford SQL Server, you can
> > afford its own box").
Can you even believe that I am still harping on this?
> In all honesty - today. This morning. I was reviewing a Fusebox application,
> to fix some problems within that application. I'm familiar with the ba
The fuseactions are simply switches and are irrelevant to obvious security measures
that should be taken regardless of the development platform or coding methodology. If
the application is poorly written, it won't matter whether it's in the fusebox style
or not.
---mark
If someone wants to produce erroneous results with your site, they can;
as long as it only affects that user, it is fine. That's what the
default fuseaction is for: to catch any fuseactions not listed and
handle them gracefully. Modifying URL parameters, if you code properly,
is not a problem since you
> as opposed to FORM variables, (or session & client vars, etc.). If
> fuseactions are passed through the URL, doesn't this lead to the same
> "instability"?
Not really, as you should always have a specified for such
occasions...
-Cameron
Cameron Childress
ElliptIQ Inc.
p
First:
Naughty naughty!!!
I encountered the exact same scenario my main frameset had
a frame to display people in a 'chat room' the left nav,
the main frame is the main data display frame
the command frame is where you type in stuff to send to
the room, the 'socket frame' is the one that act
Warning! This is a very long and verbose response. If you're not interested
in the topic, ignore this message. Remember, I warned you!
> You know, I think you guys at Figleaf set the standard for what
> client interface should be and your applications are certainly
> the goal of programmers eve
Dave,
You know, I think you guys at Figleaf set the standard for what client
interface should be and your applications are certainly the goal of
programmers everywhere. I also like the thought process behind what you
guys do. And I can't imagine there is anyone that does not appreciate all
the