On Thu, Mar 20, 2008 at 12:06 PM, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
> Well, like I said, I whitelist sites I use that don't work without JS.
> But I blacklist the various ad and tracking sites which are useless to me
> and only serve to profile my web surfing. Plus, I know where all the JS
> comes from now so I can limit any malicious JS because I have to
> specifically enable it if the site is not whitelisted.
> NoScript also provides some XSS protections too... Seriously, check it out
> if you have any interest in security and/or privacy.
>
> Now why in the hell would HR/IT be pissed if a user turned off JS?
>

ah, yeah, a total wtf, eh? some things come to mind
* helpdesk calls cost money
* 3rd party tools come as is using JS, so if off see first above. eg PeopleSoft, Cognos, BusinessObjects, Sharepoint, etc...oh and that oft credited first AJAX tool, Outlook for web.
* if any tracking is in JS on internally built CMS type tools tracking use, turning off JS is circumventing approved processes
* related to the last one, simply turning it off can violate established IT rules
* an overzealous new security VP trying to find anything to justify his recent 6-fig salary request...ok this one is in jest

DK

> -dhs
>
> Dean H. Saxe, CISSP, CEH
> [EMAIL PROTECTED]
> "[U]nconstitutional behavior by the authorities is constrained only by the
> peoples' willingness to contest them"
> --John Perry Barlow
>
> On Mar 20, 2008, at 11:35 AM, Douglas Knudsen wrote:
>
> ok, aside from the jab in the subject change, I've been curious of this.
> I come from inTRnet world where if a user turned JavaScript off, they could
> actually be visited by HR/IT enforcement. Anyhoo, in the wide world web
> what type of user actually disables JavaScript? Security minded folks it
> seems from Dean's comment, but who else? Certainly not your g'ma, eh? I
> suppose that's a question to ask when implementing a site or feature, does
> the subset of NoScripters matter to the goals of your site? Is this a
> question that should even be entertained in today's web? I know maybe 10
> years back it was a serious one, but what about now?
>
> On another side, this would be similar to the users who do not install
> Flash Player. Here though they have measured saturation, though not that
> scientific, seems to be somewhat dependable. Is there such data on
> JavaScript?
>
> DK
>
> On Thu, Mar 20, 2008 at 11:16 AM, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
>
> > I'm one of those users. NoScript is a very good extension if you want
> > to know what marketing companies and other unsavory types are harvesting
> > your surfing habits to target advertising. I enable scripting on a
> > whitelist of trusted sites only.
> > -dhs
> >
> > Dean H. Saxe, CISSP, CEH
> > [EMAIL PROTECTED]
> > "Great spirits have often encountered violent opposition from weak
> > minds."
> > --Einstein
> >
> > On Mar 20, 2008, at 11:10 AM, Douglas Knudsen wrote:
> >
> > My first thought is...disable the submit button after it's mashed once.
> > My second thought is, some people disable JavaScript. Now, what type of
> > user disables JavaScript? Would that type of user go 'mash the button
> > crazy', does it really matter then? If so, could use Flash(read Flex).
> > Aside from that, maybe some sort of random key deal that you could test
> > server side, if the key is in process, do nothing, ow process. But the
> > upload issue might still be there as this occurs before your CFM processing
> > does. I might re-factor the UI putting document uploads on a separate view
> > from the data input.
> >
> > hope the rambling helps... :)
> >
> > DK
> >
> > On Thu, Mar 20, 2008 at 10:51 AM, Jeff Howard <[EMAIL PROTECTED]> wrote:
> >
> > > I'm working on an application where a form is submitted along with
> > > various attachments (doc, pdf, xls, etc). Apparently users are submitting
> > > the same request several times and I've been asked to address this issue.
> > > At first thought, it seemed quick and simple to me, but as I've started
> > > working on it I can't decide exactly how to handle the attachments
> > > associated with the form in the most efficient way.
> > >
> > > That brings me here. I was looking for suggestions on how to handle
> > > the attachments while I run validation on the db to see if the input from
> > > the form already exists in the db. It seems like something that would be
> > > perfect for AJAX to handle, but my AJAX skills are virtually nonexistent.
> > > So, without using AJAX (or if you can break it down using AJAX for a
> > > novice) how would you handle the situation?
> > >
> > > The main issue I'm having, is that if I do the validation after the
> > > form submission, CF is assigning a temp directory to my attachment file.
> > > So what is submitted as this:
> > > "C:\Documents and Settings\JHoward\Desktop\PO Request mods.doc"
> > > ends up as this after submission and validation:
> > > "C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\neotmp13963.tmp"
> > > and then when I pass it to the CFFILE, it tells me the file doesn't exist.
> > >
> > > I'm really just looking at the different ways other people would
> > > handle this situation to try and decide so any input would be great.
> > >
> > > Thanks in advance.
> > >
> > > Jeff
> > >
> > > -------------------------------------------------------------
> > > Annual Sponsor - Figleaf Software <http://www.figleaf.com>
> > >
> > > To unsubscribe from this list, manage your profile @
> > > http://www.acfug.org?fa=login.edituserform
> > >
> > > For more info, see http://www.acfug.org/mailinglists
> > > Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> > > List hosted by FusionLink <http://www.fusionlink.com>
> > > -------------------------------------------------------------
> >
> > --
> > Douglas Knudsen
> > http://www.cubicleman.com
> > this is my signature, like it?
>
> --
> Douglas Knudsen
> http://www.cubicleman.com
> this is my signature, like it?

--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
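
The server-side "random key" idea from the 11:10 AM message quoted above, sketched as an added example (not part of the thread, and written in Python rather than the ColdFusion the thread concerns). `SubmissionGuard`, `handle_post` and the `submit_key` hidden field are hypothetical names; the check runs entirely on the server, so it does not depend on the browser having JavaScript enabled.

```python
import secrets
import threading


class SubmissionGuard:
    """Server-side one-time submit keys (hypothetical helper, in-memory store)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._state = {}  # key -> "issued" | "in_process" | "done"

    def issue_key(self):
        # Called while rendering the form; the key goes into a hidden field.
        key = secrets.token_urlsafe(32)
        with self._lock:
            self._state[key] = "issued"
        return key

    def begin(self, key):
        # Atomic check-and-claim, so two simultaneous POSTs cannot both pass.
        with self._lock:
            state = self._state.get(key)
            if state is None:
                return "unknown"      # key was never issued by this server
            if state != "issued":
                return "duplicate"    # already in process or done: do nothing
            self._state[key] = "in_process"
            return "process"

    def finish(self, key, ok):
        # On failure the key is re-opened so the user can resubmit the form.
        with self._lock:
            if self._state.get(key) == "in_process":
                self._state[key] = "done" if ok else "issued"


def handle_post(guard, form, save):
    """form: dict of posted fields; save: callable storing data and attachments."""
    key = form.get("submit_key", "")
    verdict = guard.begin(key)
    if verdict != "process":
        return verdict
    try:
        save(form)
    except Exception:
        guard.finish(key, ok=False)
        raise
    guard.finish(key, ok=True)
    return "saved"
```

As the same message points out, the attachment is still transferred before this check runs; the guard only stops the duplicate record and file from being stored.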
