> > However, only validation can check if in fact I have all parameters I
> > need in the right format. That protects against the case where my
> > application generates a link with a valid checksum, but somehow has the
> > wrong data in it. If I skipped validation in the receiving run mode, I
> > open myself up for a garbage-in/garbage-out problem, or perhaps worse.
>
> Wouldn't this be best solved by storing the links (or the checksum for
> a link) in a session? When they perform their next activity, the
> runmode checks to see if it (and the parameters on the URL) was one of
> the expected run modes when the previous page was displayed?
I have in mind cases where there is no session, and the links do not
change from person to person. For example, a public page displaying a
pet's photo, which requires a "pet_id" and "photo_id" to be passed in.
Mark
##### CGI::Application community mailing list ################
## ##
## To unsubscribe, or change your message delivery options, ##
## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ##
## ##
## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ##
## Wiki: http://cgiapp.erlbaum.net/ ##
## ##
################################################################
