SV: [thelist] Enough security

Andreas Wahlin Andreas.Wahlin at
Wed Nov 10 08:50:05 CST 2004

<Sessions cannot be forged like cookies (if ASP's are the same as PHP's

sessions, anyway), since all of the session information is stored server

side.  The only thing users can see is a hash that's used to determine  
which session that user owns.  The only danger with sessions is if
guesses or steals the hash of an existing session (this is the main
why I shy away from hashes that appear in URLs:  they show up in  

Ah, very good to know. Then it's better than I thought :)

<Provided you're protecting the database from SQL injections and making

sure that XSS attacks are not possible via form submissions (if ASP has
function similar to PHP's striptags(), that would be a good place to  
start), I would say what you're doing is "good enough".>

Now to google for XSS attacks and SQL injections ... Saw somethig about
SQL injections somewhere.
Thanks a bunch Chris, if we're hacked by some sicko who gets the adress
of his next victim I know who to blame .. Just kidding of course.

I'm trying to figure out some good tip, here goes

<tip author="Andreas Wahlin" author="JavaScript image managment">
You can make the browser precache images before displaying them. Let's
say you display a big text area, and you're pretty sure the user will go
to a heavy image area after that, you can define the pictures with
JavaScript like this

var cache = new Image();
image.src = "theSRCofTheImage";
Apart from setting all the image attributes (like cache.height) which
can be useful for really dynamic DOM scripting, it also has the
cache.complete property, that is set to true when the image is cached. 
Using this, you can even have a loading screen (oldskool glory)

while (!cache.complete)
  window.status = "loading";
// other code, such as a redirect to the correct page

More complete info on the image object in JavaScript

Note: Some browsers seems to have trouble caching at least big files
while loading other contents. A workaround is to trigger the caching
with a timer:
window.setTimeOut("cache();", 1000);
I haven't made extensive research on these behaviours.
Even just disabling an event with one millisecond have saved me from
some troublesome behaviour on Opera when doing crazy DOM stunts before.

More information about the thelist mailing list