Menu
▾
▴
binarycloud-dev
|
From: Justin F. <je...@ey...> - 2001-07-02 07:17:19
|
Guys:
I have been trying to get some experience and feel for
BC when a site/application starts snapping modules
together from different "packages". I have run across
a "problem", that is not a problem, really, just
that some kind of convention has to be established
for the set of modules that we (Eye) are going to use.
It is kind of interesting that the first simple thing
I did, I used anchor tags for navigation, and therefore
used the $HTTP_GET_VARS to collect information after
the round trip. Then, if another module used a
<form>, I used POST. SO, after the round trip,
I would collect what I needed from either HTTP_GET_VARS
or HTTP_POST_VARS, whichever I was expecting. Just
getting started, the modules were not "general", and
I just coded like I was doing a stand-alone site.
I am certainly not used to not knowing where the
data is going to come from after the round trip.
However, to use, and make general, a BC module, you
have to do something like:
(a passed-in parameter is needed)
1. check if HTTP_GET_VARS['parm'] is not empty.
2. if not empty, set the internal class var.
3. check if HTTP_POST_VARS['parm'] is not empty.
4. if not empty, set the internal clas var, overriding
any GET pass of $parm. THIS ESTABLISHES THE
PRECEDENCE OF POST OVER GET (and any built-in default).
5. check if the $this->parm is empty.
6. if it is empty, then, buddy, you have to do something
and trap that error gracefully. Otherwise, these
modules are not going to "work right" with any
other package:module. And I hope that PEARerror makes
this easy, calling it, hoping it will clean up
properly and clean up gracefully, when exiting.
[I haven't looked at PEARerror yet]
Now, I hate GET vars because of their security problem.
As far as I am concerned, their only utility is for
bookmarking, or lazy coders. They are a definite security risk if you
have weaknesses in your design.
So, in BC, if I want to lay down the law, and force
everyone to:
1. use POST
2. or use a cookie
3. or establish a common precedence like POST/cookie/GET
4. or something else.
So, what do youse guys do?????
THIS MAY BE IMPORTANT for the community in general. There
is no reason for Alex to "establish policy" on this, but
if there is no convention, then in the brave new world
of binarycloud, when we start exchanging modules or
contributing them, this very-important-precedence of
var-passing must be honored, i.e., a convention is "needed".
I donno what I am going to do at my business, but I may
say
1. Use POST when you can
2. Use a cookie if you can't
and that implies a session for all modules to work right
together if drawn from different packages.
But, if Andreas contributes something cool, and uses GET
to start a round trip, my modules have to look in GET first
and then error out.
Or else, I have to rewrite/check every flippin' module that
I will pull down to check. I think you see the "problem"
if I don't do a re-write.
Maybe this does not seem like a "problem" to youse guys.
Pour moi, l'administrateur anale - it is a "problem".
Again, what do you gurus do???? Was this an issue, ever,
with r1, which I know nothing about?
_jef
--
Justin Farnsworth
Eye Integrated Communications
321 South Evans - Suite 203
Greenville, NC 27858 | Tel: (252) 353-0722
|
|
From: Alby L. <al...@th...> - 2001-07-02 13:05:32
|
Justin,
I am one of those lazy coders, but I can't stand using GET but often do to
ensure the integrity of my variable names and values. This has been a thorn
in my side and I would like a method to handle this insecurity as well.
My initial thought would be to include a debug option to globally echo all
post varnames and values to the page. This is not a holistic solution
however as I am often using servlet like pages that only include code and
call a header ("Location: snafu.php"); when my logic is done.
Anyone have any other ideas/problems to contribute to this?
Alby Lash
Justin said, and I quote:
"
Now, I hate GET vars because of their security problem.
As far as I am concerned, their only utility is for
bookmarking, or lazy coders. They are a definite security risk if you
have weaknesses in your design.
"
|
|
From: Andreas A. <a.a...@th...> - 2001-07-02 14:01:08
|
Hi Alby, Justin,
> I am one of those lazy coders, but I can't stand using GET but often do to
> ensure the integrity of my variable names and values. This has been a
thorn
> in my side and I would like a method to handle this insecurity as well.
> My initial thought would be to include a debug option to globally echo all
> post varnames and values to the page. This is not a holistic solution
> however as I am often using servlet like pages that only include code and
> call a header ("Location: snafu.php"); when my logic is done.
> Anyone have any other ideas/problems to contribute to this?
I'm with you. I don't like GET vars very much because they mess up the
Location-Input-Line. In fact that's just an aesthetic concern. What the
security concerns GET vars are not more dangerous than POST vars, except
that the bad guy does not have to view the html source and start his attack.
So it does not matter if post or get (imho), everything coming from the
outside is a potential security risk and therefore it should be carefully
doublechecked twice. I don't want to use forms for each and every operation.
If such high security is required and checking the incoming is not enough -
maybe SSL is an option.
Sometimes GET is really useful. If you have a list of db results you want to
display, for example. E.g. I would use the GET var for the "delete"
operation. To avoid using forms and maybe image buttons for every row (of
course with a "are you sure" question).
Or for switchting languages. Or for the sessionId if cookies are disabled. I
personally don't rely that users do have cookies enabled.
Have a look over the request class (in core). There is also a newer version
available as soon as alex makes the cvs synch.
Andi
|
|
From: Alex B. <en...@tu...> - 2001-07-02 17:51:52
|
> Have a look over the request class (in core). There is also a newer version > available as soon as alex makes the cvs synch. Yes, do... and thanks for reminding me about the synch. _alex -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
|
From: Alex B. <en...@tu...> - 2001-07-02 17:50:01
|
> So, in BC, if I want to lay down the law, and force > everyone to: > > 1. use POST > 2. or use a cookie > 3. or establish a common precedence like POST/cookie/GET > 4. or something else. > > So, what do youse guys do????? use the request class, which I have not tested - but the idea is to be able to completely control your incoming vars. so you could have a constant in the user conf that just shuts off access to get vars through thr request class. that could be cool. > THIS MAY BE IMPORTANT for the community in general. There > is no reason for Alex to "establish policy" on this, but > if there is no convention, then in the brave new world > of binarycloud, when we start exchanging modules or > contributing them, this very-important-precedence of > var-passing must be honored, i.e., a convention is "needed". Thus request. use of request _will_ be required for all binarycloud-distro packages, so installations can retain control over their own environment. > I donno what I am going to do at my business, but I may > say > 1. Use POST when you can > 2. Use a cookie if you can't > > and that implies a session for all modules to work right > together if drawn from different packages. ? > But, if Andreas contributes something cool, and uses GET > to start a round trip, my modules have to look in GET first > and then error out. We haven't integrated PEAR_Error yet - but I don't think I see the problem? > Or else, I have to rewrite/check every flippin' module that > I will pull down to check. I think you see the "problem" > if I don't do a re-write. > > Maybe this does not seem like a "problem" to youse guys. > Pour moi, l'administrateur anale - it is a "problem". I don't get it, can you provide a little more detail? > Again, what do you gurus do???? Was this an issue, ever, > with r1, which I know nothing about? R1 assumes that you have register_globals On, which I didn't like. Request completely solves all those problems, because it add a nice, configurable request layer for all "incoming" user data. > _jef > > _alex |
Thanks for helping keep SourceForge clean.
X