Axton wrote:
** I would think that the password/username should not be required to
fetch resources from the sharedresources directory. This looks to be
a problem in the active link 'uidemo: Hover and Tooltips'; hopefully
this logic was not replicated. Imho, the pwd url parameter should be
deprecated altogether. There is no case to justify it's use as it is
insecure by nature.
Axton Grams
Axton,
I originally found this issue when I was debugging a bit of work flow
that I created on our custom forms. I used uidemo as an example rather
than sharing my definition files & data with BMC support.
<GRIPE>
I know from experience the sort of questions that they ask before
they even start on a problem, even when they have been supplied the
information! So if I found the problem with some work flow that
emanated from BMC then that might speed the process up a bit.
</GRIPE>
I did not copy my work flow from uidemo - rather I based it on
information obtained from the documentation and also what I gleaned from
being part of the Beta program.
There are a number of active links in uidemo that handle use the
TEMPLATE function and every time that the template is used in the WUT,
and a graphic is used in that template, then the username and password
are to be found as part of the URL. In fact, there is a View field on
the 'Hover and Tooltips' panel. When you click on a row in the 'Hover
on Table Row' table the view field is filled with the processed
template. Right click on the view field, chose 'View Source' and you
get to see the HTML. In the 'src' of the 'img' tag you will find the
username and password parts containing the security data.
Ian
------------------------------------------------------------------------
Ian Trimnell, AR System Lead Developer (amongst other jobs),
Specialist Support & Information Team, Academic & Administrative
Computing Service
Open University, MILTON KEYNES, UK
Phone: 01908 653741 web: http://www.open.ac.uk/
The Open University is incorporated by Royal Charter (RC 000391), an
exempt charity in England & Wales and a charity registered in Scotland
(SC 038302).
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"