Can you include a check sum with the page information?
Generate the text, do some calculation on it, send both values.
On the server side redo the calculation.
Then if someone tries to add/change the form data the check sum fails.
If it matches, off you go; if it fails, do something nasty (again) :)

On Wed, 9 Nov 2016 20:47:54 +0000, Mike McCall wrote:
> Thanks so much Chip for the suggestion,
>
> That thought also crossed my mind but unfortunately with the silly
> number of variables we currently have, over 20,000 in total, my
> initial tests suggested that it could seriously affect performance to
> go with that approach.
>
> I'd really prefer not to have to do a complete rewrite of how we
> handle form fields since that would be very time consuming.
>
> Thanks again and definitely let me know if you or anyone else has any
> other idea.
>
> Mike
>
> -----Original Message-----
> From: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] On Behalf Of Chip
> Scheide
> Sent: Wednesday, November 9, 2016 12:38 PM
> To: 4D iNug Technical <4d_tech@lists.4d.com>
> Subject: Re: Automatic Variable Assignment and Web Get Variables -
> Bad usage of pointer or pointer to an unknown variable
>
> I do NO web work so take this idea with that in mind
>
> Instead of :
> On Wed, 9 Nov 2016 19:58:16 +0000, Mike McCall wrote:
>> Else
>> $p:=Get pointer(arr_Web_Field_Name{$i})
>> $p->:=arr_Web_Field_Value{$i}
>> End case
>
> if (find in array($arr_Legal_Variable_Names;arr_Web_Field_Name{$i})>0)
> $p:=Get pointer(arr_Web_Field_Name{$i})
> $p->:=arr_Web_Field_Value{$i}
> else
> `do nasty things since someone tried to hack your server
> end if
>
> Where arr_Legal_Variable_Names
> is an array of valid variable names and any value NOT in this array
> is an error

Chip
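A sketch of the check-sum idea above, added here as an example and not code from this thread or from 4D. It uses a keyed HMAC in place of a plain check sum, because the page and its tag both pass through the client, and it covers the field names only, since the values are what the user is expected to change. SERVER_KEY, TAG_FIELD, the form id and the sample variable names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
TAG_FIELD = "_form_tag"  # hypothetical hidden-field name carrying the tag


def _canonical(form_id, field_names):
    # Sort and length-prefix each name so ("ab", "c") and ("a", "bc") differ.
    parts = [form_id] + sorted(field_names)
    return b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)


def sign_form(form_id, field_names, key=SERVER_KEY):
    """Tag computed when the page is generated; sent as a hidden field."""
    return hmac.new(key, _canonical(form_id, field_names), hashlib.sha256).hexdigest()


def accept_submission(form_id, submitted, key=SERVER_KEY):
    """Return the fields to assign, or None if the field set was altered."""
    fields = dict(submitted)
    tag = fields.pop(TAG_FIELD, "")
    expected = sign_form(form_id, fields.keys(), key)
    # Constant-time comparison of the received tag with the recomputed one.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # names added, removed or renamed: assign nothing
    return fields


# Constructed sample: the page offers two fields; the values are user input.
rendered = ["vCustomerName", "vCustomerEmail"]
tag = sign_form("order_form", rendered)

honest = {"vCustomerName": "Ann", "vCustomerEmail": "ann@example.com", TAG_FIELD: tag}
tampered = dict(honest, vIsAdmin="True")  # extra variable name injected

if __name__ == "__main__":
    print(accept_submission("order_form", honest))
    print(accept_submission("order_form", tampered))
```

The cost is one hash per page and one per submission, independent of how many variables exist in total. Because the comparison is strict on the name set, fields a browser omits when empty (unchecked checkboxes, for instance) would need to be accounted for before signing.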