Re: [CFTALKTor] Arrgh.... still having form problems.... Help!

Thu, 24 Jan 2002 11:15:05 -0800 

Thank you everybody. You are all a great bunch of cf gurus. As always,
everyone's help is genuinely appreciated.

Karl

> From: "Marc Campeau" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 24 Jan 2002 14:22:51 -0500
> To: <[EMAIL PROTECTED]>
> Subject: RE: [CFTALKTor] Arrgh.... still having form problems.... Help!
> 
>> Yes I was playing around with this approach but I've never used wddx so
>> wasn't sure about its usage in this situation. So I would
>> basically use wddx
>> to serialize, then drop that into a holding table and then on successful
>> re-login, grab it where the userIDs match and then de-serialize on the
>> insertion template?
> 
> Exactly.
> 
>> I've been using http_referer and getfilefrompath(cf_template_path) as well
>> as query_string. I've managed to get the app to continue on to the pages
>> that process the various forms, it's simply been a matter of getting the
>> form info to the processing pages, in the format that they are
>> expecting (ie
>> FORM.field1, FORM.field2, etc.)
> 
> Do as Laurie said, copy the submitted form fields into a form that's passed
> from your login page to the aborted form. Use somthing like this:
> 
> <CFLOOP INDEX="formField" LIST="#structKeyList(FORM)#">
> <CFOUTPUT>
> <INPUT TYPE="hidden" NAME="#formField#"
> VALUE="#evaluate('FORM.#formField#')#"></CFOUTPUT>
> </CFLOOP>
> 
>> Since I don't know.... what is the security issue with using wddx and
>> holding the info in session?
> 
> WDDX is secure the problem is that it is easy to read, hence if you serialze
> a structure and put it inside a hidden field, someone viewing the source
> could get see everything you put in there and this might expose some inner
> workings of your app which is a potential hazard...
> 
> Good luck,
> 
> Marc
> 
> -
> You are subscribed to the CFUGToronto CFTALK ListSRV.
> This message has been posted by: "Marc Campeau" <[EMAIL PROTECTED]>
> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
> Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
> This System has been donated by Infopreneur, Inc.
> (http://www.infopreneur.net)

-
You are subscribed to the CFUGToronto CFTALK ListSRV.
This message has been posted by: Karl Zarudny <[EMAIL PROTECTED]>
To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
This System has been donated by Infopreneur, Inc.
(http://www.infopreneur.net)

Reply via email to