[Javascript] RES: Maximun length of an id

SosCpdGMail soscpd at gmail.com
Tue Sep 11 14:58:21 CDT 2007 

Terry

Can't you create the elements on the fly? I use xmlhttprequest to load a php
page and document.write the result. This way you can hide most part of the
code, including html stuff. If you need a sample, call me back.





-----Mensagem original-----
De: javascript-bounces at lists.evolt.org
[mailto:javascript-bounces at lists.evolt.org] Em nome de Terry Riegel
Enviada em: terça-feira, 11 de setembro de 2007 14:17
Para: JavaScript List
Assunto: Re: [Javascript] Maximun length of an id

The reason for encrypting is because the id would "mean" something to  
the server, and someone could determine what it means to the server  
and change it to get the server to do something the page never wanted  
it to do.

I think I can illustrate by showing an example without an encrypted id.

<div class="editable" id="recordid-01234">
  This is the data from my database. It is record number 01234
</div>

If I take this example and then write some snazzy Javascript to post  
new data to the server, then I have just exposed my database. All  
someone would have to do is determine how my post is working and  
change recordid-01234 to recordid-01231 or something like that.

Does that make sense?

Terry




On Sep 7, 2007, at 3:38 PM, Terry Riegel wrote:

> Hello all,
>
> I am working on a text editing mechanism for my web sites. I am
> looking at something like
>
> <div class="editable" id="someidsotheserverknowswhattoupdate">
>   My editable text will be here
> </div>
>
> I plan on encrypting the ID so that it couldn't be meddled with and
> save to some other area of the site. I have several ideas for how
> this will work, and am open to any suggestions on that aspect
> (encryptng the id that is).
>
> My main question for this group is, is there any limit on the number
> of characters that can be found in an ID attribute?
>
>
> Thanks,
>
> Terry Riegel
> _______________________________________________
> Javascript mailing list
> Javascript at lists.evolt.org
> http://lists.evolt.org/mailman/listinfo/javascript
>

_______________________________________________
Javascript mailing list
Javascript at lists.evolt.org
http://lists.evolt.org/mailman/listinfo/javascript

More information about the Javascript mailing list