On Wed, Oct 14, 2009 at 4:38 PM, Michael Enright <[email protected]> wrote: > No matter what display method you use, it sounds like an important > requirement is to keep users from ever viewing the HTML of a row other > than from your display app/page. It seems to me to achieve this you > must not use URIs alone to fetch the row view that goes in the row's > frame, because it's likely that the URI could be observed by a bad > guy.
The page linked to earlier, <http://www.artfulsoftware.com/infotree/mysqlquerytree.php>, seems to use some kind of temporary URL that prevents this.
