Well, like I said, I whitelist sites I use that don't work without
JS. But I blacklist the various ad and tracking sites which are
useless to me and only serve to profile my web surfing. Plus, I know
where all the JS comes from now so I can limit any malicious JS
because I have to specifically enable it if the site is not whitelisted.
NoScript also provides some XSS protections too... Seriously, check it
out if you have any interest in security and/or privacy.
Now why in the hell would HR/IT be pissed if a user turned off JS?
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"[U]nconstitutional behavior by the authorities is constrained only by
the peoples' willingness to contest them"
--John Perry Barlow
On Mar 20, 2008, at 11:35 AM, Douglas Knudsen wrote:
ok, aside from the jab in the subject change, I've been curious of
this. I come from inTRnet world where if a user turned JavaScript
off, they could actually be visited by HR/IT enforcement. Anyhoo,
in the wide world web what type of user actually disables
JavaScript? Security minded folks it seems from Dean's comment, but
who else? Certainly not your g'ma, eh? I suppose that's a question
to ask when implementing a site or feature, does the subset of
NoScripters matter to the goals of your site? Is this a question
that should even be entertained in today's web? I know maybe 10
years back it was a serious one, but what about now?
On another side, this would be similar to the users who do not
install Flash Player. Here though they have measured saturation,
though not that scientific, seems to be somewhat dependable. Is
there such data on JavaScript?
DK
On Thu, Mar 20, 2008 at 11:16 AM, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
I'm one of those users. NoScript is a very good extension if you
want to know what marketing companies and other unsavory types are
harvesting your surfing habits to target advertising. I enable
scripting on a whitelist of trusted sites only.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Great spirits have often encountered violent opposition from weak
minds."
--Einstein
On Mar 20, 2008, at 11:10 AM, Douglas Knudsen wrote:
My first thought is...disable the submit button after it's mashed
once. My second thought is, some people disable JavaScript. Now,
what type of user disables JavaScript? Would that type of user go
'mash the button crazy', does it really matter then? If so, could
use Flash (read Flex). Aside from that, maybe some sort of random
key deal that you could test server side, if the key is in process,
do nothing, otherwise process. But the upload issue might still be there
as this occurs before your CFM processing does. I might re-factor
the UI putting document uploads on a separate view from the data
input.
hope the rambling helps... :)
DK
On Thu, Mar 20, 2008 at 10:51 AM, Jeff Howard <[EMAIL PROTECTED]>
wrote:
I'm working on an application where a form is submitted along with
various attachments (doc, pdf, xls, etc). Apparently users are
submitting the same request several times and I've been asked to
address this issue. At first thought, it seemed quick and simple
to me, but as I've started working on it I can't decide exactly how
to handle the attachments associated with the form in the most
efficient way.
That brings me here. I was looking for suggestions on how to
handle the attachments while I run validation on the db to see if
the input from the form already exists in the db. It seems like
something that would be perfect for AJAX to handle, but my AJAX
skills are virtually nonexistent. So, without using AJAX (or if
you can break it down using AJAX for a novice) how would you handle
the situation?
The main issue I'm having, is that if I do the validation after the
form submission, CF is assigning a temp directory to my attachment
file. So what is submitted as this:
"C:\Documents and Settings\JHoward\Desktop\PO Request mods.doc"
ends up as this after submission and validation:
"C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\neotmp13963.tmp" and then
when I pass it to the CFFILE, it tells me the file doesn't exist.
I'm really just looking at the different ways other people would
handle this situation to try and decide so any input would be great.
Thanks in advance.
Jeff
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
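An added example, not part of the original thread and written in Python rather than ColdFusion: the server-side "random key" check suggested above, which keeps working for users who browse with JavaScript disabled, combined with a content digest for the "does this request already exist" check. All names are hypothetical, and the in-memory dict stands in for the application's database.

```python
import hashlib
import secrets
import threading

class SubmissionGuard:
    """One-time form keys: issued -> in_process -> done (names hypothetical)."""
    def __init__(self):
        self._state = {}
        self._lock = threading.Lock()

    def issue_token(self):
        # Called while rendering the form; the value goes into a hidden field.
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._state[token] = "issued"
        return token

    def begin(self, token):
        # Atomically claim the key; only the first claim of an issued key wins.
        with self._lock:
            if self._state.get(token) != "issued":
                return False  # unknown, still in process, or already done
            self._state[token] = "in_process"
            return True

    def finish(self, token, ok):
        # Success retires the key; failure re-arms it so the user can retry.
        with self._lock:
            self._state[token] = "done" if ok else "issued"

def request_digest(fields, attachments):
    # SHA-256 over tagged, length-prefixed field pairs and attachment bytes.
    h = hashlib.sha256()
    for tag, items in ((b"F", sorted(fields.items())), (b"A", sorted(attachments))):
        for name, value in items:
            for p in (name.encode(), value if isinstance(value, bytes) else value.encode()):
                h.update(tag + len(p).to_bytes(8, "big") + p)
    return h.hexdigest()

def handle_submission(guard, store, token, fields, attachments):
    if not guard.begin(token):
        return "ignored"  # repeat click, replayed form, or forged key
    ok = False
    try:
        digest = request_digest(fields, attachments)
        record = (dict(fields), list(attachments))
        # setdefault stands in for a UNIQUE constraint on a digest column.
        stored = store.setdefault(digest, record) is record
        ok = True
        return "stored" if stored else "duplicate"
    finally:
        guard.finish(token, ok)
```

The attachment bytes are read and hashed only after the key has been claimed, so a repeated click never reaches the file-handling step.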