Re: Javascript redundant code...
by Andrej Kostresevic <temporalassassin(at)yahoo.com>
Date: Wed, 23 May 2001 10:57:27 -0700 (PDT)
To: JOSE ADRIANO BALTIERI <JABALTIE(at)iep-cen.unimep.br>, hwg-languages(at)hwg.org
In-Reply-To: cen
How about checking where the form was submitted from?
In ASP you can pull it from server variables; I am not sure how to do it
in CGI.
~request.servervariables("HTTP_REFERER")~
This way, you can see if the form was submitted by a page on your website
or a modified page outside of it.
Andrej
--- JOSE ADRIANO BALTIERI <JABALTIE(at)iep-cen.unimep.br> wrote:
> Hello List !
>
> We have a lot of Javascripts, mostly to validate forms. These forms are
> submitted to our CGI programs. These CGI programs have to validate again
> everything that had just been validated by Javascript. That's because
> one can edit the page and remove the scripts from it, submitting an
> incorrect form. Or more simply, just disable Javascript and submit the
> form (Netscape allows that).
>
> Then, if we were able to prevent or detect this situation, that is, be
> sure that the form has been passed through our Javascript code, we would
> save time (programming and machine) by avoiding redundant checks. Smaller
> CGIs also would be a benefit. They would have to do only the other checks
> that Javascript couldn't do, probably those against databases.
>
> Have heard about signed scripts but don't know either what they mean
> or if they would solve this problem.
>
> Have thought also about delivering/receiving tokens but, they're not
> secure at all...
>
> Thanks for any kind of help !
>
>
> Obrigado/Thanks a lot,
>
> Jose Adriano Baltieri
> Systems Analyst
> CPD - CENTRO
> UNIMEP - Universidade Metodista de Piracicaba
> PIRACICABA - SP - BRASIL
> Phone : 055 0 XX 19 430-1858 (English spoken)
> Fax : 055 0 XX 19 430-1898 (P.O. box 42778)
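An added example, not part of either message in this thread: HTTP_REFERER is a request header filled in by the client, so it arrives with the same trust level as the form fields themselves. The sketch below keeps one rule table, always runs it on the server, and records the Referer only as a logging hint. The field names, rules, SITE_ORIGIN and the sample requests are assumptions constructed for illustration.

```javascript
// Added example. SITE_ORIGIN, the field names and the rules are assumptions.
const SITE_ORIGIN = "https://www.example.org";

// One rule table. The same table can drive the browser-side convenience
// checks, but only the server's run of it decides acceptance.
const RULES = {
  email: (v) => typeof v === "string" && v.length <= 254 &&
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  age: (v) => typeof v === "string" && /^\d{1,3}$/.test(v) &&
    Number(v) >= 18 && Number(v) <= 120,
};

// Returns the names of the fields that fail their rule.
function validateFields(fields) {
  return Object.entries(RULES)
    .filter(([name, ok]) => !ok(fields[name]))
    .map(([name]) => name);
}

// Compare parsed origins, not string prefixes, so a look-alike host such as
// www.example.org.other.test does not match. Missing or malformed -> false.
function refererMatchesSite(headers) {
  try {
    return new URL(headers.referer).origin === SITE_ORIGIN;
  } catch {
    return false;
  }
}

// Acceptance depends on the submitted values only; the Referer is logged.
function handleSubmission(request) {
  const errors = validateFields(request.fields);
  return {
    accepted: errors.length === 0,
    errors,
    refererHint: refererMatchesSite(request.headers),
  };
}

// Constructed sample requests.
const GOOD = { email: "ana@example.org", age: "34" };
const SAMPLES = {
  // Page edited or scripts disabled: Referer looks right, values are bad.
  editedPage: { headers: { referer: SITE_ORIGIN + "/signup.html" },
                fields: { email: "not-an-email", age: "7" } },
  // A proxy or privacy setting removed the header: values are good.
  refererStripped: { headers: {}, fields: GOOD },
  lookalike: { headers: { referer: "https://www.example.org.other.test/signup.html" },
               fields: GOOD },
};
```

A Referer-based gate would accept the first sample and turn away the second; validating the values gives the opposite, correct outcome for both.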
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA