cocoon-dev mailing list archives

From Ovidiu Predescu <ovi...@apache.org>
Subject Re: [RT] Flowmaps
Date Tue, 18 Jun 2002 07:09:28 GMT
On 6/17/02 11:22 PM, "Christian Haul" <haul@dvs1.informatik.tu-darmstadt.de>
wrote:

> On 17.Jun.2002 -- 09:35 PM, Ovidiu Predescu wrote:
> 
>> 
>> - automatic binding of JavaScript variables to form values. This would allow
>> you to declare something like:
>> 
>>   var username, password;
>> 
>>   // Send a page to collect the user name and the password
>>   sendPage("login.html");
>> 
>>   // When the user fills in the form and presses the submit button, the
>>   // script restarts here. The flow engine automatically binds the username
>>   // and password to the values submitted in the form.
> 
> Don't. It was one of the biggest mistakes PHP made security-wise. Always
> access request parameters explicitly.

Yes, I read somewhere about this, but don't know the details. Can you
explain some more?

I actually like the way variables are automatically bound in WebObjects,
where you have to explicitly define the automatic binding, by mapping an
instance variable to a form parameter. I was thinking of following a similar
pattern, and having a way to specify that a given local variable in a function
is to be bound to a form parameter. In WebObjects this association is
totally under the control of the programmer, and the same should be done
in Cocoon.

Could this be a potential security problem?

Greetings,
Ovidiu
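
Added example, not part of the original message or of Cocoon's flow engine: a JavaScript sketch contrasting binding every submitted parameter to script variables with the explicitly declared, WebObjects-style mapping discussed above. The helper names (`bindImplicit`, `bindExplicit`, `newScope`), the `isAdmin` variable and the sample submission are hypothetical and constructed for illustration.

```javascript
// Constructed form submission: the login form only offers username and
// password, but a client is free to send additional field names.
const submitted = { username: "alice", password: "s3cret", isAdmin: "true" };

// Script state. isAdmin is an internal variable that was never meant to be
// populated from the request.
function newScope() {
  return { username: undefined, password: undefined, isAdmin: false };
}

// Implicit binding: every submitted parameter is copied onto the script's
// variables, whether or not the form was supposed to supply it.
function bindImplicit(scope, params) {
  for (const [name, value] of Object.entries(params)) {
    scope[name] = value;
  }
  return scope;
}

// Explicit binding: the programmer declares which variable maps to which
// form parameter; anything else in the request is ignored.
function bindExplicit(scope, params, bindings) {
  for (const [variable, param] of Object.entries(bindings)) {
    if (Object.prototype.hasOwnProperty.call(params, param)) {
      const value = params[param];
      // A repeated parameter may arrive as an array; accept a single string only.
      scope[variable] = typeof value === "string" ? value : undefined;
    }
  }
  return scope;
}

const implicit = bindImplicit(newScope(), submitted);
const explicit = bindExplicit(newScope(), submitted, {
  username: "username",
  password: "password",
});

console.log("implicit isAdmin:", implicit.isAdmin); // overwritten by the request
console.log("explicit isAdmin:", explicit.isAdmin); // still the script's own value
```

With explicit binding, the set of request-controlled variables is exactly the declared mapping, so it can be reviewed in one place.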

