Any particular reason why not the cookie or attributes scope?

KOla

-----Original Message-----
From: Patrick McElhaney [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2001 13:54
To: Fusebox
Subject: RE: RE: Managing program flow


I think Hans is right. If you're really concerned about security, you
certainly can't rely on HTTP_Referer. That can be artificially modified.

I would use a step variable and put it in a scope that can't be modified
by the client. I would think that putting the step variable in the
client scope is okay, but not in a cookie or the attributes scope.

Patrick

> -----Original Message-----
> From: Hans Omli [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 02, 2001 8:12 PM
> To: Fusebox
> Subject: RE: RE: Managing program flow
>
>
> I store all submitted form variables in a client variable (using wddx).
> Then on each template I check that the client variable includes all form
> variables that should have been entered thus far, and send the user back if
> not.
>
> A step variable would obviously be a more simple solution.  So, now I'm
> considering whether I'd have any security concerns with step variables.
> Thoughts?
>
> Hans
>
> -----Original Message-----
> From: Jim Stahlin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 02, 2001 4:13 PM
> To: Fusebox
> Subject: Re: RE: Managing program flow
>
>
> I agree that you have this problem in non-CF sites.  But the program flow is
> much more apparent in a Fusebox site than in other sites.  I restricted
> access using session variables and am in the process of converting the site
> to fusebox.  Other than using a step variable does anyone know of another
> way to do this?
>
> >>> [EMAIL PROTECTED] 05/02/01 18:06 PM >>>
> Couldn't they do that in a non-CF site too?
>
> What you're talking about sounds to me like a regular programming process
> problem. You could set a client variable on each page with the step number,
> and send bad users to the right page.
>
> NAT
>
> > -----Original Message-----
> > From: Jim Stahlin [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 02, 2001 1:50 PM
> > To: Fusebox
> > Subject: Managing program flow
> >
> >
> > I have a problem in getting my mind around how you can restrict
> > the flow of actions in fusebox. I have a site that in the
> > checkout process requires the user to pick shipping method, then
> > Credit Card info, then Shipping info, then approve the order.  If
> > I use Fuseactions to do this the user could pass the last
> > fuseaction in the URL variable and skip all the entry screens.
>
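
The step-variable check discussed in this thread, as an added example that is not part of any message above. It keeps the step counter in the session scope that Jim mentions, so nothing in the URL, form, or cookies can raise it. The fuseaction names, the variable names, and where the snippets are included are assumptions.

```cfml
<!--- Added example, not code from the thread. Assumes session management is
      enabled in <cfapplication>; fuseaction and variable names are hypothetical. --->

<!--- Part 1: guard, run before the fuseaction switch in index.cfm --->
<cfparam name="attributes.fuseaction" default="shippingMethod">

<!--- Ordered checkout steps; a step's position in the list is its number --->
<cfset checkoutSteps = "shippingMethod,creditCard,shippingInfo,approveOrder">

<!--- Highest step the server has accepted for this user. It is only ever
      read from and written to the session scope, never taken from the request. --->
<cflock scope="session" type="exclusive" timeout="10">
    <cfparam name="session.checkoutStepDone" default="0">
    <cfset stepDone = session.checkoutStepDone>
</cflock>

<!--- 0 means the requested fuseaction is not part of the checkout flow --->
<cfset requestedStep = ListFindNoCase(checkoutSteps, attributes.fuseaction)>

<!--- A user may revisit earlier steps or open the next one, but not skip ahead.
      A request for a later step is sent back to the first unfinished step. --->
<cfif requestedStep GT stepDone + 1>
    <cflocation url="index.cfm?fuseaction=#ListGetAt(checkoutSteps, stepDone + 1)#"
                addtoken="no">
</cfif>

<!--- Part 2: in the action fuse for a step, after its submitted form data
      has been validated and stored server-side, record the step as done. --->
<cflock scope="session" type="exclusive" timeout="10">
    <cfif requestedStep GT session.checkoutStepDone>
        <cfset session.checkoutStepDone = requestedStep>
    </cfif>
</cflock>
```

Because the counter advances only in Part 2, requesting the last fuseaction directly in the URL leaves `session.checkoutStepDone` at 0 and the guard redirects to the first step.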