I see your point Anthony. I understand that while its not possible to
prevent hackers from getting information they want, we can only make sure
that its only hard to crack the nut. Also, if the basics are implemented
right(which I know web2py does in-built
[http://www.web2py.com/book/default/ch
>
> Well I have these two files attached with my pyjamas application
> bootstrap.js and bootstrap_progress.js. These are from the same web2py -
> pyjamas application example that is available online. I happened to try it.
> I find that although they have code in js, I don't find the database
>
Well I have these two files attached with my pyjamas application
bootstrap.js and bootstrap_progress.js. These are from the same web2py -
pyjamas application example that is available online. I happened to try it.
I find that although they have code in js, I don't find the database
parameters.
I still don't understand what your concern is. That HTML source paints the
form! There's nothing more to be hidden since all fo the fields can be
manipulated by filling out the form. The one hidden field is Web2py's form
security ID which if manipulated will actually prevent a phony submission.
>
> Now it could be very easy to pass wrong values using some hacking
> techniques by malicious people (inshort hackers) and send wrong information
> into the database.
>
Making your code invisible would not prevent hackers from submitting
invalid values. The reason is that hackers can generat
Especially for posted values and such the source is less interesting.
Anything that is transmitted via http can be logged (and tricked!)
with tools like Charles or Fiddler anyway. This even holds for e.g.
flash based web apps except if you encrypt values before sending them.
On 12 Mrz., 10:30, weh
This two examples you have given, from your web2py form and from pyjamas,
are they functionally equivalent? If they are, please post the javascript
for both pages too, so that we can really compare.
When you mention this secure tag in html5 or web2py 2.0, it seems to me
that you are still going
This two examples you have given, from your web2py form and from pyjamas,
are they functionally equivalent? If they are, please post the javascript
for both pages too, so that we can really compare.
When you mention this secure tag in html5 or web2py 2.0, it seems to me
that you are still going
>From what I've read and tinkered with myself, it doesn't seem possible
to prevent others from finding a way to view your html source. My
observation is that you usually trade off security vs. ease of use.
The more locked doors and alarms, the more annoying your system
becomes for the typical user.
okay - Here are a few reasons -
*@Anthony *- What exactly is it that you are trying to hide? Can you give
an example?
Here is the example -
Please consider the below view page source (form when serialized) line when
I have filled up a form * using a database for my software BugBuster* in
thi
Sliverlight works on all browsers as far as I know. But I still don't think
it's a very smart platform to target for the vast majority of apps.
Silverlight locks your users into Internet Explorer.
With the Explorer usage below 50%, why would you do that?
On Mar 10, 2:33 pm, Anthony wrote:
> > I think it makes sense to process sensitive data server side. I'll
> > think over my options and proceed to achieve my goal. I don't want to
> > l
>
> I think it makes sense to process sensitive data server side. I'll
> think over my options and proceed to achieve my goal. I don't want to
> loose out on user experience either.
What exactly is it that you are trying to hide? Can you give an example?
> Thank you all for your valuable
>
I think it makes sense to process sensitive data server side. I'll
think over my options and proceed to achieve my goal. I don't want to
loose out on user experience either. Thank you all for your valuable
feedback. I hope HTML5+ / (WWW) would consider adding secure parameter
to faciliate such thin
Disabling the right-click is incredibly user-hostile and ultimately does
not prevent your pages from exposure. Silverlight and Flash are on their
way out and are not usable by many devices (ie iPhones, iPads and some
Macs).
There really should not be any good reasons to hide your HTML. If it ha
SSL is a protocol used to encrypt the data as it is sent between
machines, but it does not prevent the source to be read by a user.
I think that Chris has pointed out very well the problem: if you have
info that you won't expose publicly, that information should be stored
and processed server-side
...And I do agree that Pyjamas does have a learning curve aswell .. :)
It seems there is no escape but to learn new a technology :)
Sincerely, Rahul D (www.flockbird.com)
On Mar 10, 3:06 pm, Rahul wrote:
> Thank you all of you,
> I am thinking of linking pyjamas with my web2py project. Though
Thank you all of you,
I am thinking of linking pyjamas with my web2py project. Though I
it does not restrict users from viewing the page source, it does not
show parameters in the source to the public openly. This way if there
is someone with malicious intentions, we can prevent one from
inspect
I'm sorry, Rahul. I may have misunderstood the reason behind your post, as I
have heard similar requests in my time as a front-end developer.
However, seeing that the site in your signature does potentially show sensitive
information, the best thing I can recommend is to not send any more sensi
I agree with Wikus. Just by having a web site out in the public means just
that. Don't publish anything that you wouldn't want printed in newspapers
or announced to your grandmother. :)
You may be different, but every one who has asked me to prevent users to
view source code did not care about
>
> Perhaps requesting the content with an
> ajax call when it loads client-side (I am not sure if this is
> unaccessible for the browser anyway).
That's not a bad idea. Using the browser's view source feature should only
show the HTML of the initial page load, not any subsequent Ajax calls.
It looks like you don't understand how the world wide web works. There is
nothing you can do to stop me from seeing the HTML code of your website.
Blocking right click gets you nowhere as I can still use the browser menu,
numerous plugins or simply download the page code directly without even
u
You can (I think) change the right click event handler with
javascript, but how are you going to prevent the users to do edit ->
view source code in their web browser? Maybe you can do some
obfuscation to render the source code difficult to read (by processing
the web2py response output). Perhaps r
23 matches
Mail list logo
