That may be so, but in my thoughts, FORM and URL are implicitly similar in functionality, however CGI and Cookie are different.
- Calvin -----Original Message----- From: Joe Rinehart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 29, 2005 2:06 PM To: CF-Talk Subject: Re: Best practice question? I dunno, I sorta disagree. If you're savvy enough to monkey with URL, you're implicity altering a CGI value, and are probably savvy enough to edit (unencrypted) cookies. -Joe On Mon, 28 Mar 2005 19:43:41 -0500, Calvin Ward <[EMAIL PROTECTED]> wrote: > I'm not sure that would be a good idea, both FORM and URL are tied to user > submitted fields, while CGI and Cookie are usually not so. > > - Calvin > > -----Original Message----- > From: Joe Rinehart [mailto:[EMAIL PROTECTED] > Sent: Monday, March 28, 2005 7:28 PM > To: CF-Talk > Subject: Re: Best practice question? > > I'm half-tempted to expand Model-Glue to treat CGI in the same manner. > It'd be nice to have one big "untrustable" scope for validation and > security purposes. However, thinking along that line, I should also > include Cookie, but that's getting into four layers of priority, which > could be confusing. Anyone else have any thoughts on this? > > -Joe > > On Mon, 28 Mar 2005 14:17:06 -0800, Sean Corfield > <[EMAIL PROTECTED]> wrote: > > On Sun, 27 Mar 2005 23:10:09 -0500, Justin D. Scott <[EMAIL PROTECTED]> > wrote: > > > That's why I like the way FuseBox handles input. So much so that I use > it > > > even outside my FuseBox apps. It takes all of the FORM and URL > variables > > > and moves them to the ATTRIBUTES scope if it doesn't already exist. > > > > Just to note that Mach II and ModelGlue also both do something very > > similar - they copy all form and URL variables into a single event > > object to make it possible to access them without caring where they > > came from. > > > > So it's a common enough technique that I suspect more people like it > > than dislike it... > > -- > > Sean A Corfield -- http://corfield.org/ > > Team Fusebox -- http://fusebox.org/ > > Got Gmail? -- I have 50, yes 50, invites to give away! > > > > "If you're not annoying somebody, you're not really alive." > > -- Margaret Atwood > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:200579 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
