Tuesday 12 July 2005 1:41:49 am
Bruce, you say
I take it that you are referring to the way that the attributes utilise hidden fields and the naming of variables in edit screens?
I'm relatively convinced that the methods that ez employs do not enable the substitution of these values in a way that would allow for the modification of information that the user would not normally have access to.
I'm not sure we're talking about quite the same thing, so I shall elaborate. In my application a logged in user needs to create objects on the fly for an e-commerce application. The only way to do this (please correct me if I am wrong) is through the use of a form. Some of the attribute values of the new object can be determined programatically and submitted via the form (using hidden fields) to the object creation mechanism. My problem with security is that these "hidden" fields can be viewed using the view source facility of the browser. A user could create his own web form and, using this knowledge, submit bogus values for these attribute values. At the very least he can see the values of hidden attributes that I would rather he didn't. Seeing this from a more distanct perspective, ezP seems like a programming system that is very powerful in many ways but without the facility for creating new variables or changing them without saying to the world "here are the variables I am going to create, you can step in here and change their values if you wish". This is only because we cannot create objects directly in template code. We are forced to use a form. Please tell me I am wrong.
|