Kev
I don't think that it's a major security hole because (AFAIK) for a
#server to work it must be encrypted
and the encryption depends on the current sessionID and the page
so although a hacker can see the code - he/she can only activate it
for that page for that session - but they can see the encoded stuff
anyway
or so I believe - as u know I don't do any #server
Peter
On Fri, 20 Aug 2004 07:26:51 +0100, kevin furze <[EMAIL PROTECTED]>
wrote:
>just a question that we don't need to rush to answer, just curious
>because its in an intranet environment
>
>I created a csp page and included a call to #server
>when its generated into html code, I see the following
>
> // invoke #server(csp.findadealer.formLoad())
> return
> (cspRunServerMethod('JS_5bPNTkxV3Jgt1F6bgw_b/p_AE5pIg3Ue8DtjEajG291W-
> b32/arpdfdvr5vftA','') == 1);
>
>so the question is, I can see the
> // invoke #server(csp.findadealer.formLoad())
>
>what's the quick way to get that hidden. (seems like a security hole ??
>)
>
>
>kev
