<br> If you're worried about SQL injection, why wouldn't you just take care of that when designing your server-side code?<br><br> Besides, couldn't someone just write a parser that takes your HTML and finds whatever the encrypted ID is now... and then uses *that* to submit whatever data they want?<br><br><font face="Tahoma, Arial, Sans-Serif" size=2>
<hr align=center width="100%" SIZE=2>
<b>From</b>: Terry Riegel &lt;riegel@clearimageonline.com&gt;<br></font><br>The reason for encrypting is because the id would "mean" something to <br>the server, and someone could determine what it means to the server <br>and change it to get the server to do something the page never wanted <br>it to do.<br><br>I think I can illustrate by showing an example without an encrypted id.<br><br>
&lt;div class=editable id=recordid-01234&gt;<br>This is the data from my database. It is record number 01234<br>&lt;/div&gt;<br><br>If I take this example and then write some snazzy Javascript to post <br>new data to the server, then I have just exposed my database. All <br>someone would have to do is determine how my post is working and <br>change recordid-01234 to recordid-01231 or something like that.<br><br>Does that make sense?<br><br>Terry<br><br>On Sep 7, 2007, at 3:38 PM, Terry Riegel wrote:<br><br>> Hello all,<br>><br>> I am working on a text editing mechanism for my web sites. I am<br>> looking at something like<br>><br>> 
&lt;div class=editable id=someidsotheserverknowswhattoupdate&gt;<br>> My editable text will be here<br>> &lt;/div&gt;<br>><br>> I plan on encrypting the ID so that it couldn't be meddled with and<br>> save to some other area of the site. I have several ideas for how<br>> this will work, and am open to any suggestions on that aspect<br>> (encrypting the id that is).<br>><br>> My main question for this group is, is there any limit on the number<br>> of characters that can be found in an ID attribute?<br>><br>><br>> Thanks,<br>><br>> Terry Riegel<br>> _______________________________________________<br>> Javascript mailing list<br>> Javascript@lists.evolt.org<br>> http://lists.evolt.org/mailman/listinfo/javascript<br>><br><br>
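<br>The concern raised in this thread, as an added example that is not part of the original messages: rather than encrypting the id, the server appends an HMAC tag (a different technique from the encryption discussed above) bound to the record id and the logged-in user, and still checks permission when the edit is posted. SERVER_KEY, RECORD_OWNERS, the user names and the function names are assumptions made for illustration.

```javascript
// Added example (not from the thread). All names and data are hypothetical.
const crypto = require('crypto');

// Assumption: a secret that never leaves the server.
const SERVER_KEY = crypto.randomBytes(32);

// Constructed sample data: record id -> user allowed to edit it.
const RECORD_OWNERS = new Map([['01234', 'alice'], ['01231', 'bob']]);

// HMAC over (record id, user id); JSON framing keeps the two fields unambiguous.
function tagFor(recordId, userId) {
  return crypto.createHmac('sha256', SERVER_KEY)
    .update(JSON.stringify([recordId, userId]))
    .digest('hex');
}

// Value the server writes into the page, e.g. id="recordid-01234.<tag>".
function issueEditToken(recordId, userId) {
  return `${recordId}.${tagFor(recordId, userId)}`;
}

// Run on every edit POST. Returns the record id to update, or null to refuse.
function verifyEditToken(token, sessionUserId) {
  if (typeof token !== 'string') return null;
  const dot = token.indexOf('.');
  if (dot < 1) return null;
  const recordId = token.slice(0, dot);
  const given = Buffer.from(token.slice(dot + 1), 'utf8');
  const expected = Buffer.from(tagFor(recordId, sessionUserId), 'utf8');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // A valid tag only proves the server issued this id to this user.
  // The permission check still happens here, on the server.
  if (RECORD_OWNERS.get(recordId) !== sessionUserId) return null;
  return recordId;
}
```

Changing recordid-01234 to recordid-01231 in the page invalidates the tag, and a tag copied out of one user's HTML does not verify in another user's session.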