I've just recently been working on an object based implementation of Fusebox.
The entire home application is divided into two types of circuit
applications.  Circuit applications that represent objects and circuit
applications that walk users through a collection of use cases (more
traditional circuit applications).

The object circuit applications are designed to be called only as custom
tags (they are used by the applications that walk the users through the use
cases).  Because these applications are only to be called by other circuit
applications, it would be a breach of security if a user was able to invoke
a method on one of these objects directly.

This prevented me from using the formURL2Attributes tag.

Using the attributes scope for all variables passed into the custom tag
allowed me to ensure that these circuit applications were only being called
as custom tags (not invoked in the URL).  

Had I been using FormURL2Attributes, on a direct call through the URL to that
circuit the application would rescope the variables in the URL and allow
unauthorized users to invoke methods on an object (ex: accept an offer on
behalf of another user).

I use formURL2Attributes sometimes but only when I require that
functionality.  Not in my app_globals where it could be a security risk.

That's just my deux sou,

JME Maxwell
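
The guard described in the message above, sketched in CFML as an added example (not code from this thread or from Fusebox itself). The circuit paths, act_acceptOffer.cfm, the method/offerID/userID attribute names and session.userID are assumptions made for illustration.

```cfml
<!--- FILE: obj_offer/index.cfm  (hypothetical object circuit; names are assumptions) --->

<!--- Guard 1: the ThisTag scope exists only while a template executes as a
      custom tag (<cf_name> or <cfmodule>). A direct browser request has none. --->
<cfif NOT IsDefined("ThisTag.ExecutionMode")>
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- Guard 2: read arguments only from the attributes scope and never run
      FormURL2Attributes in this circuit, so URL and form fields cannot
      become method arguments. A missing attribute makes cfparam throw. --->
<cfparam name="attributes.method">
<cfparam name="attributes.offerID" type="numeric">
<cfparam name="attributes.userID" type="numeric">

<cfswitch expression="#attributes.method#">
  <cfcase value="accept">
    <!--- act_acceptOffer.cfm is a hypothetical fuse that updates the offer --->
    <cfinclude template="act_acceptOffer.cfm">
  </cfcase>
  <cfdefaultcase>
    <cfthrow message="Unknown method for the offer object">
  </cfdefaultcase>
</cfswitch>

<!--- FILE: offers/index.cfm  (hypothetical use-case circuit, the only caller) --->

<!--- This circuit faces the browser, so it may rescope form and URL fields. --->
<cf_formURL2Attributes>
<cfparam name="attributes.fuseaction" default="">
<cfparam name="attributes.offerID" default="0">

<cfif attributes.fuseaction IS "acceptOffer">
  <!--- The acting user comes from the session, never from the request,
        so one user cannot accept an offer on behalf of another. --->
  <cfmodule template="../obj_offer/index.cfm"
            method="accept"
            offerID="#Val(attributes.offerID)#"
            userID="#session.userID#">
</cfif>
```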

-----Original Message-----
From: Hal Helms [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 8:29 AM
To: Fusebox
Subject: RE: Musings on Attributes (was Best Practices...)


The reason I put XFAs in the attribs scope is that I was trying to be
consistent with the whole FormURL2Attributes logic, the argument being that
we should have a unified scope. So now, you're going to have some vars that
are purely local and some that are attributes? These attributes are starting
to feel like an appendix--having had a purpose at one time, but now just
hanging around.

When do I get to see my little um...err...clone/baby?

Hal Helms
Team Allaire
[ See www.halhelms.com <http://www.halhelms.com>  for info on training
classes ]


-----Original Message-----
From: Nat Papovich [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 2:13 AM
To: Fusebox
Subject: RE: Musings on Attributes (was Best Practices...)


What do XFBs have to do with the attribs scope? I never put them in the
attribs scope myself, only the local scope (and not as a structure as the
original XFB outline mentions), and I haven't gotten a ticket yet...

NAT

p.s. The creation (birth?) of Mini Hal is coming along nicely.

> -----Original Message-----
> From: Hal Helms [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 9:54 PM
> To: Fusebox
> Subject: RE: Musings on Attributes (was Best Practices...)
>
>
> John,
>
> Part of the cost is having to prefix everything with "attributes." When
> dealing with XFAs, etc, this gets to be a significant amount of time. But I
> agree with you about the search-engine friendly URLs. That's a nice feature.
> Score one for FormURL2Attributes.
>
> Hal Helms
> Team Allaire
> [ See www.halhelms.com <http://www.halhelms.com>  for info on training
> classes ]
>
>
> -----Original Message-----
> From: John Quarto-vonTivadar [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 23, 2001 12:01 AM
> To: Fusebox
> Subject: Re: Musings on Attributes (was Best Practices...)
>
>
>
> > I agree--that's the only thing that's really nice about having it. Again, I
> > just wonder if the cost is worth it.
> >
>
>
> somehow I missed the originating comment that must have started this.  Has
> someone done a cost analysis to see exactly how much we are really paying
> for the convenience?
>
> (as an aside, if the need for ATTRIBUTES is somewhat moot due to non FB
> custom tag calls, and therefore only FORM and URL are in play, then perhaps
> we should need a URL2FORM.cfm or vice-versa tag. I happen to like the
> ability to have search-engine friendly URLs)
>