Hi Mark

On Tue, 2009-04-14 at 11:16 -0400, Mark Stosberg wrote:
> However, only validation can check if in fact I have all parameters I
> need in the right format. That protects against the case where my
> application generates a link with a valid checksum, but somehow has the
> wrong data in it. If I skipped validation in the receiving run mode, I
> open myself up for a garbage-in/garbage-out problem, or perhaps worse.

Since validation on the server side is inescapable, are you /sure/ link checksumming adds something worth the effort?

For instance, in menus, I renumber all items 1 .. N, no matter what db record they point to. At the same time, in the session, I save another map which reverts that 1 .. N to the 'real' id of each item.

OK, so it doesn't protect against everything, but it helps validation.

I did not put the logic in a separate module yet.

-- 
Ron Savage
[email protected]
http://savage.net.au/index.html
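
The renumbering scheme described in the message above, sketched in Perl as an added example (not code from this thread or from CGI::Application). The plain hash `%session` and the helper names `build_menu` and `resolve_item` are assumptions standing in for the application's server-side session store and run modes; the record data is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers; $session stands in for the per-user, server-side
# session store the application already uses.

# Build the menu: expose only positions 1..N in links and remember, on the
# server, which real record id each position refers to.
sub build_menu {
    my ($session, @records) = @_;
    my (%map, @items);
    my $n = 0;
    for my $rec (@records) {
        $n++;
        $map{$n} = $rec->{id};
        push @items, { item => $n, label => $rec->{label} };
    }
    $session->{menu_map} = \%map;    # replaces the map of any earlier menu
    return @items;
}

# Receiving run mode: turn the submitted position back into a real id.
# Returns undef for anything that is not a position in this session's map.
sub resolve_item {
    my ($session, $param) = @_;
    return unless defined $param && $param =~ /\A[1-9][0-9]{0,5}\z/;
    my $map = $session->{menu_map} or return;
    return $map->{$param};           # undef when the position is out of range
}

# Constructed sample data: the records this user is allowed to see.
my %session;
my @records = (
    { id => 4711, label => 'Invoice March' },
    { id => 9020, label => 'Invoice April' },
);

my @menu = build_menu(\%session, @records);
print "link: ?rm=show;item=$_->{item}  ($_->{label})\n" for @menu;

# Positions 1 and 2 resolve; a raw record id, an out-of-range position and
# malformed input are all rejected because they are not keys of the map.
for my $submitted ('2', '3', '9020', '2x', undef) {
    my $id = resolve_item(\%session, $submitted);
    printf "%-8s -> %s\n",
        defined $submitted ? "'$submitted'" : 'undef',
        defined $id ? "record $id" : 'rejected';
}
```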
