Re: Javascript redundant code...

by Andrej Kostresevic <temporalassassin(at)yahoo.com>

 Date:  Wed, 23 May 2001 10:57:27 -0700 (PDT)
 To:  JOSE ADRIANO BALTIERI <JABALTIE(at)iep-cen.unimep.br>,
hwg-languages(at)hwg.org
 In-Reply-To:  cen
How about checking where the form was submitted from?
In ASP you can pull it from server variables; I am not sure how to do it
in CGI.
~request.servervariables("HTTP_REFERER")~
This way, you can see if the form was submitted by a page on your website
or a modified page outside of it.
Andrej
--- JOSE ADRIANO BALTIERI <JABALTIE(at)iep-cen.unimep.br> wrote:
> Hello List !
> 
> We have a lot of Javascripts, mostly to validate forms. These forms are
> submitted to our CGI programs. These CGI programs have to validate again
> everything that had just been validated by Javascript. That's because one
> can edit the page and remove the scripts from it, submitting an incorrect
> form. Or more simply, just disable Javascript and submit the form
> (Netscape allows that).
> 
> Then, if we were able to prevent or detect this situation, that is, be
> sure that the form has been passed through our Javascript code, we would
> save time (programming and machine) by avoiding redundant checks. Smaller
> CGIs also would be a benefit. They would have to do only the other checks
> that Javascript couldn't do, probably those against databases.
> 
> Have heard about signed scripts but know neither what they mean nor if
> they would solve this problem.
> 
> Have thought also about delivering/receiving tokens, but they're not
> secure at all...
> 
> Thanks for any kind of help !
> 
> 
>                                 Obrigado/Thanks a lot,
> 
>                                 Jose Adriano Baltieri
>                                 Analista de Sistemas
>                                 CPD - CENTRO
>                                 UNIMEP - Universidade Metodista de Piracicaba
>                                 PIRACICABA - SP - BRASIL
>                                 Fone : 055 0 XX 19 430-1858 (english spoken)
>                                 Fax  : 055 0 XX 19 430-1898 (cx postal 42778)
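
Added example, not part of either message above: a CGI-style handler in Python that reads HTTP_REFERER as the reply suggests, but lets the server-side field checks decide, because the header is sent by the browser and says nothing about whether the page's JavaScript ran. The host name, field names and rules are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "www.example.org"  # assumption: host that serves the form

# Assumed server-side rules, mirroring what the page's JavaScript would check.
RULES = {
    "name": re.compile(r"[A-Za-z][A-Za-z .'-]{0,59}"),
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "age": re.compile(r"\d{1,3}"),
}

def referer_is_local(environ):
    """True when HTTP_REFERER names our host. Advisory: the client supplies it."""
    return urlsplit(environ.get("HTTP_REFERER", "")).hostname == SITE_HOST

def validate(fields):
    """Return {field: error} for every rule the submission breaks."""
    errors = {}
    for name, pattern in RULES.items():
        if not pattern.fullmatch(fields.get(name, "")):
            errors[name] = "missing or malformed"
    if "age" not in errors and not 0 < int(fields["age"]) < 130:
        errors["age"] = "out of range"
    return errors

def handle(environ, fields):
    """Field checks decide acceptance; the Referer result is only recorded."""
    errors = validate(fields)
    return {
        "accepted": not errors,
        "errors": errors,
        "referer_local": referer_is_local(environ),
    }

# Constructed sample submissions (CGI environment, decoded form fields).
FORM_URL = "http://www.example.org/form.html"
GOOD_FIELDS = {"name": "Ana Lima", "email": "ana@example.org", "age": "34"}
BAD_FIELDS = {"name": "Ana Lima", "email": "not-an-address", "age": "999"}

NORMAL = ({"HTTP_REFERER": FORM_URL}, GOOD_FIELDS)
# JavaScript disabled: the real page is used, so the Referer still matches.
NO_JS = ({"HTTP_REFERER": FORM_URL}, BAD_FIELDS)
# Header absent: a valid submission must not be rejected for that alone.
NO_REFERER = ({}, GOOD_FIELDS)

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("no-js", NO_JS), ("no-referer", NO_REFERER)):
        print(label, handle(*req))
```

The `NO_JS` case is the one from the original question: the form comes from the site's own page, so the Referer check passes while the fields are unchecked.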



HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA