Tally List : mailing list management, archiving, and analysis
Archive of:
Fusebox
Cold Fusion Fuse Box List
 
Subject: RE: Managing program flow
Nat Papovich (80p/+0r)     Posted: Monday 07 May 2001

Right, but I would argue that it is safe to store only the productID, not the price, and calculate the price each time the display of it is needed by hitting the DB. Passing checkout information in hidden form fields CAN be secure, as long as you pass insecure data, not things like CC info, price, tax info, etc.

NAT

> -----Original Message-----
> From: amittalwar@intellikaps.com [mailto:amittalwar@intellikaps.com]
> Sent: Monday, May 07, 2001 4:46 AM
> To: Fusebox
> Subject: RE: Managing program flow
>
> That wasn't my point. My point was the concept rather than the
> implementation attribute.
> Check out www.bratcatalog.com
> they do use hidden fields to store data and not at all secure.
> Amit Talwar
> Intellikaps
>
> -----Original Message-----
> From: Nat Papovich [mailto:nat@webthugs.com]
> Sent: Monday, May 07, 2001 9:52 AM
> To: Fusebox
> Subject: RE: Managing program flow
>
> Erik is smart enough to either not store price info in a form field or to
> check that price matches price for productID on order submission.
>
> > -----Original Message-----
> > From: BORKMAN Lee [mailto:lee_Borkman@rta.nsw.gov.au]
> > Sent: Sunday, May 06, 2001 6:11 PM
> > To: Fusebox
> > Subject: RE: Managing program flow
> >
> > Yes, but you can possibly live with hidden fields as long as you always
> > check for a trusted referer.
> >
> > -----Original Message-----
> > From: amittalwar@intellikaps.com [mailto:amittalwar@intellikaps.com]
> >
> > Hi,
> > Well Erik, it is absolutely going to cause security hazards if you are
> > using hidden variables in your page.
> >
> > Consider this, for example you store price of a product as a hidden
> > variable. Now if the user saves the page to his system and reduces the
> > price and then submits the page you will never know that the price is
> > correct or incorrect as there will be no cross check with the price in
> > the database.
> >
> > IMPORTANT NOTICE:
> > This e-mail and any attachment to it is intended only to be read or used
> > by the named addressee. It is confidential and may contain legally
> > privileged information. No confidentiality or privilege is waived or lost
> > by any mistaken transmission to you. If you receive this e-mail in error,
> > please immediately delete it from your system and notify the sender. You
> > must not disclose, copy or use any part of this e-mail if you are not the
> > intended recipient. The RTA is not responsible for any unauthorised
> > alterations to this e-mail or attachment to it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/fusebox@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
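
The approach discussed in this thread (submit only the productID and look the price up in the database, or check a submitted price against it), as an added example that is not part of the original posts. It is a Python sketch over a constructed in-memory SQLite catalogue; the field names `productID`, `qty` and `price`, the table layout and the quantity limit are assumptions.

```python
import sqlite3


class OrderRejected(Exception):
    """Raised when a submitted checkout form cannot be priced safely."""


def make_catalog():
    # Constructed sample data standing in for the shop's product table.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (productID INTEGER PRIMARY KEY, "
        "price_cents INTEGER NOT NULL)"
    )
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(101, 1999), (102, 4950)])
    return db


def price_order(db, form):
    """Price a submitted form using only server-side price data.

    `form` is the dict of submitted fields; every value in it, hidden or
    not, is treated as client-controlled.
    """
    try:
        product_id = int(form["productID"])
        qty = int(form["qty"])
    except (KeyError, TypeError, ValueError):
        raise OrderRejected("malformed productID or qty")
    if not 1 <= qty <= 100:  # assumed limit; also blocks negative totals
        raise OrderRejected("quantity out of range")

    # Parameterised lookup: the productID is data, never part of the SQL text.
    row = db.execute(
        "SELECT price_cents FROM products WHERE productID = ?",
        (product_id,),
    ).fetchone()
    if row is None:
        raise OrderRejected("unknown productID")
    unit = row[0]

    # A submitted price is never used for the total. If the form carries
    # one, compare it with the catalogue price and flag the mismatch.
    expected = f"{unit // 100}.{unit % 100:02d}"
    mismatch = "price" in form and form["price"] != expected
    return {"productID": product_id, "qty": qty,
            "total_cents": unit * qty, "price_mismatch": mismatch}
```

A form saved locally and resubmitted with an edited `price` field still produces the catalogue total, and the `price_mismatch` flag gives the application something to log or reject on.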



TallyList : copyright Ububik - 2000