[ic] Setting a Scratch Variable within an HREF tag
Chris Wenham
cwenham@netmonger.net
Sat, 18 Nov 2000 17:56:11 -0500 (EST)
>>>>> "Houman" == Houman Akhavan <houman@edigitalweb.com> writes:
> Is it possible to set a scratch variable when a user clicks on a link? I am
> guessing it would go into the href=[area page]. But, where would it exactly
> go?
Even though I don't know if it is or isn't possible, I don't think
that it should be possible and the reason is the mechanism
Interchange has that prevents a malicious and unauthorized visitor
from altering or deleting data.
The mechanism for updating (or deleting) records from a database
using a form makes use of a scratch variable to effectively say
whether it's okay or not to make the change. If you could set scratch
variables through a URL (or a POST method also) it would mean anybody in
the world could write whatever they like to your database just by
entering a properly crafted URL. It would defeat any mechanism you
have in place that verifies the authorization of the current visitor.
Regards,
Chris Wenham
NetMonger Communications