[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
[ic] Setting a Scratch Variable within an HREF tag
>>>>> "Houman" == Houman Akhavan <houman@edigitalweb.com> writes:
> Is it possible to set a scratch variable when a user clicks on a link? I am
> guessing it would go into the href=[area page]. But, where would it exactly
> go?
Even though I don't know if it is or isn't possible, I don't think
that it should be possible and the reason is the mechanism
Interchange has that prevents a malicious and unauthorized visitor
from altering or deleting data.
The mechanism for updating (or deleting) records from a database
using a form makes use of a scratch variable to effectively say
whether it's okay or not to make the change. If you could set scratch
variables through a URL (or a POST method also) it would mean anybody in
the world could write whatever they like to your database just by
entering a properly crafted URL. It would defeat any mechanism you
have in place that verifies the authorization of the current visitor.
Regards,
Chris Wenham
NetMonger Communications
_______________________________________________
Interchange-users mailing list
Interchange-users@www.minivend.com
http://www.minivend.com/mailman/listinfo/interchange-users
