Re: [fw-general] Securely passing params between actions

Thu, 19 Feb 2009 11:49:06 -0800 

Any other solution?

How about something like $this->_setInternalParam() and
$this->_getInternalParam()

Would that be hard to implement?


>
> On Thu, Feb 19, 2009 at 12:07 PM, Ben Scholzen 'DASPRiD' <[email protected]
> > wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Disable the default route, and only use custom routes.
>> ...................................
>> :  ___   _   ___ ___ ___ _ ___    :
>> : |   \ /_\ / __| _ \ _ (_)   \   :
>> : | |) / _ \\__ \  _/   / | |) |  :
>> : |___/_/:\_\___/_| |_|_\_|___/   :
>> :........:........................:
>> : Web    : http://www.dasprids.de :
>> : E-mail : [email protected]       :
>> : Jabber : [email protected]     :
>> : ICQ    : 105677955              :
>> :........:........................:
>>
>>
>> Alex schrieb:
>> > Hi Ben,
>> >
>> > Well, $this->_setParam() almost suits me perfectly. Here's the problem.
>> >
>> > Action1:
>> > _setParam('secret', 'somevalue')
>> > _forward('action2)
>> >
>> > Action2:
>> > _getParam('secret')
>> >
>> > But how do I make it so that 'secret' cannot be a usersupplied
>> parameter?
>> >
>> > - Alex
>> >
>> >
>> > On Thu, Feb 19, 2009 at 10:02 AM, Ben Scholzen 'DASPRiD'
>> > <[email protected] <mailto:[email protected]>> wrote:
>> >
>> > That really depends. The easiest thing would be to store the value in a
>> > session, and if required give the user an hashed identifier as parameter
>> > to identify the data. If the data should be long-term persistent or for
>> > multiple users, store the data in a database.
>> > ...................................
>> > :  ___   _   ___ ___ ___ _ ___    :
>> > : |   \ /_\ / __| _ \ _ (_)   \   :
>> > : | |) / _ \\__ \  _/   / | |) |  :
>> > : |___/_/:\_\___/_| |_|_\_|___/   :
>> > :........:........................:
>> > : Web    : http://www.dasprids.de :
>> > : E-mail : [email protected] <mailto:[email protected]>       :
>> > : Jabber : [email protected] <mailto:[email protected]>     :
>> > : ICQ    : 105677955              :
>> > :........:........................:
>> >
>> >
>> > Alex schrieb:
>> >> How can I pass a parameter between two actions, but making it so the
>> >> second action cannot receive said parameter directly from the user?
>> >
>> >> - alex (from iphone)
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkmddaAACgkQ0HfT5Ws789BcDQCgw3bR3Y6igcjNOjF/+Ez8KxyA
>> 5j8AoNLINOw+tKAH01MZddSW+tZzuWla
>> =JxBh
>> -----END PGP SIGNATURE-----
>>
>
>

Reply via email to