[Zope] Re: passing variables from one DTML method to another ...

Jim Sanford jsanford@atinucleus.com
Sun, 21 Nov 1999 08:29:58 -0600 

Yes, do not rely on this method for security. The html page could be saved
by user, modified in a text editor, reopened in browser and submitted.

I store that kind of stuff in a backend DB (PostGreSQL or VFP via ODBC) for
each user and do a wrapper call to a ZSQL method for the users info around
other calls to data and actions.

The Session product may also be helpful here (have not yet tried it but is
on my list)

 __________________________________________________________________

              Jim Sanford
      .       Database Engineer
     / \  /   Accelerated Technology, Inc.
    /   /     720 Oak Circle Drive East
   /  /  \    Mobile, AL 36609
  / /     \   Voice: 334-661-5770  fax: 334-661-5788
 /         \  E-Mail: jsanford@atinucleus.com
              Web: http://www.atinucleus.com

 Source Code, No Royalties, Any CPU...It just make sense !
 __________________________________________________________________

----- Original Message -----
From: Doug McNaught <doug@mcnaught.org>
To: Jens Vagelpohl <tommymi@concentric.net>
Cc: Darran Edmundson <Darran.Edmundson@anu.edu.au>; <zope@zope.org>
Sent: Saturday, November 20, 1999 11:21 AM
Subject: Re: [Zope] Re: passing variables from one DTML method to another
...


> "Jens Vagelpohl" <tommymi@concentric.net> writes:
>
> > use an invisible input element in your form in this case, something like
> > this:
> >
> > <input type="hidden" name="variable_name" value="value">
> >
> > this will be sent across to the form's target method with all other form
> > field data, and they aren't visible/editable by the person seeing the
form.
>
> But they are visible by viewing the HTML source, so don't rely on them
> for security.
>
> -Doug
> --
> Doug McNaught       doug@mcnaught.org     http://www.mcnaught.org/~doug
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
>           No cross posts or HTML encoding!
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>
>