Howdy,

>>http://forums.devshed.com/archive/1/2000/08/2/1298
>
>If you use this as your sole solution, I'll turn off Javascript and nail
>your server simply for principle.

;) It all depends on your environment. I agree that for a general purpose open internet environment, the above is not sufficient. Right now all my projects are for corporations and stuff on their intranet, where this type of issue is not of high concern, so the client-side solution would be sufficient for me. (Yes, malicious users exist from the inside, I know, blah blah blah).

FWIW, for that general purpose internet environment a synchronizer token isn't sufficient without a lot of specific coding for it in your application and certain setups on your server. And for a heavily clustered, high traffic environment, I've done some internal benchmarks that show the benefits of a synchronizer token to control access to resources are outweighed by its performance cost.

It's all about the specific situation and requirements ;)

Yoav Shapira
Millennium ChemInformatics
