[Javascript] Passive, Javascript-callable, in-line (PHP) code references wit

David Lovering dlovering at gazos.com
Tue Apr 8 16:27:26 CDT 2003


Ah yes, when the <input> declarations are inside the span, they go "dark"
with respect to the outside DOM model.  Same problem with OBJECT and PARAM
declarations.  I'd forgotten -- thanks for reminding me.

In theory (there's a lot of that going around), the session method of
exchanging data elements uses a one-time encryption key to fold the
datagram into an out-of-band (at least outside the URL) transfer to the
other handler which already has the encryption key [it generated it in the
first place].  The only portion which is visible on the answerback URL is
the session identifier, which is useless without the key and the datagram.

My spies tell me that this session methodology is going to be part of the
new "secure-forms" handling suite which is part of the IPSec2 initiative.

-- Dave

> I was picturing those as user-accessible inputs, so you could get the
> parameters for the query
>
> If you have any "security nazis" addressing wire-theft, you could munge the
> values and de-munge them in the server-side processor - but it's probably
> not worth the effort if someone simply views your munging routine.  (and if
> a cracker can swipe your data off the wire, they can read the http headers
> as easily as the URL)
>
> I'm interested to see what you come up with, since I've added my $0.02 to
> this project without testing any of it  <g>
>
> -----Original Message-----
> BTW -- if we're being canonical, shouldn't the <input> declarations of
> var1, var2, etc. be inside the span? Not that I'm complaining, mind you...
>
> -- Dave Lovering
>
> Michael Dougherty wrote:
> >> If the idea is to put the result of a
> >> function into the document, then have you tried the iframe sourced on a
> >> remote procedure handler?
> >>
> >> <span ... >
> >>   <iframe id='callToServer' src='' ></iframe>
> >> </span>
> >> <input type='text' name='var1' value='a' />
> >> <input type='text' name='var2' value='b' />
> >>
> >> <span id='result'></span>
> >>
> >> <input type='button' value='SS-Compute'
> >>         onClick='callToServer.src= "/somethingReallyComplex.xyz?var1="
> >> + var1.value + "&var2=" + var2.value;
> >> result.innerHTML = callToServer.innerHTML; ' />
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
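
The session exchange described in the message above, as an added Node.js example that is not part of the original thread or of any suite it mentions. It assumes AES-256-GCM as the cipher and that the one-time key reaches the sender over a channel not modelled here; the function names, the /answerback path and the handler.example host are hypothetical.

```javascript
// Added illustration; every name in this block is hypothetical.
const crypto = require('node:crypto');

const sessions = new Map(); // sessionId -> one-time key, held by the receiving handler

// The receiving handler generates the session identifier and the one-time key.
function openSession() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const key = crypto.randomBytes(32);
  sessions.set(sessionId, key);
  return { sessionId, key };
}

// Sender side: encrypt the datagram; only the session identifier goes in the URL.
function seal(sessionId, key, data) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(sessionId)); // bind the ciphertext to this session
  const ct = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
  return {
    url: '/answerback?sid=' + encodeURIComponent(sessionId),
    body: Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'),
  };
}

// Receiving handler: look the key up by session identifier, then discard it.
function receive(url, body) {
  const sessionId = new URL(url, 'http://handler.example').searchParams.get('sid');
  const key = sessions.get(sessionId);
  if (!key) return { ok: false, error: 'unknown or already used session' };
  sessions.delete(sessionId); // one-time: a replayed request finds no key
  try {
    const raw = Buffer.from(body, 'base64'); // layout: 12-byte IV, 16-byte tag, ciphertext
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(sessionId));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return { ok: true, data: JSON.parse(pt.toString('utf8')) };
  } catch (e) {
    return { ok: false, error: 'datagram failed authentication' };
  }
}
```

Because the key is deleted before decryption is attempted, a tampered request also consumes the session, so the sender has to open a new one to retry.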