need to disguise urls with (myvariable)/42 extensions

0 like
Like it!

Thursday 31 March 2005 10:47:01 am - 2 replies

Modified on Thursday 31 March 2005 10:51:47 am by nigel dodd

2 replies

Author	Message
Paul Forsyth	Thursday 31 March 2005 11:00:05 am Sensitive values passed like this will always be open to attack. Personally i would store the values in the db and provide some operators to perform the manipulation on them. In this way you are 'passing' them via the db but without exposing the values. Paul
nigel dodd	Thursday 31 March 2005 11:08:26 am So far as I understand there is no easy way to store a value in the db. Don't you need to create an object and store the value as an attribute? And there are the issues to do with creating and publishing the object on the fly (as shown in http://ez.no/community/contribs/hacks/one_click_new_object_and_publish_preview_hack). I hope I am wrong here. Any pointers would be gratefully received.

Author

Message

Paul Forsyth

Thursday 31 March 2005 11:00:05 am

Sensitive values passed like this will always be open to attack.

Personally i would store the values in the db and provide some operators to perform the manipulation on them. In this way you are 'passing' them via the db but without exposing the values.

Paul

nigel dodd

Thursday 31 March 2005 11:08:26 am

So far as I understand there is no easy way to store a value in the db. Don't you need to create an object and store the value as an attribute? And there are the issues to do with creating and publishing the object on the fly (as shown in http://ez.no/community/contribs/hacks/one_click_new_object_and_publish_preview_hack).

I hope I am wrong here. Any pointers would be gratefully received.

You must be logged in to post messages in this topic!