From: Brian F. <bf...@pa...> - 2006-01-21 02:55:47
Hello,
On Jan 20, 2006, at 5:19 PM, electroteque wrote:
> Hi there, can someone answer my queries? When I looked at WASP a
> while ago, I can add variables in the GET query when posting.
> Request::getParameter('Add') is for both GET and POST; it's not
> separated. Possible security issue?
>
I can't imagine how this would be a security issue. It's more for
convenience than anything.
Say you design a page that submits via the POST method to the
server. It's true that with WASP you could simulate such a submit
via the query string in a GET, but it isn't really that much harder
to design your own form with a POST to the same URL. Any security
issues that would arise from either a GET or a POST should be handled
via setting a key in the session, or other form of access control on
the server.
For reference, many Java Servlet frameworks behave the same way by
having the doGet() method refer to the doPost() method.
Hope that helps!
-BF
>
> On 21/01/2006, at 9:33 AM, Brian Fioca wrote:
>
>> ... now let's keep running!
>>
>> With multiple front page spots on digg.com and now the O'Reilly
>> ONLamp article exposure, WASP is an established PHP framework in
>> the OSS community. It feels great to have gotten this far, thanks
>> to all who have made this possible.
>>
>> However, as more and more people begin to use WASP for their
>> personal and professional applications, we have a responsibility
>> to keep making WASP better. Version 1.2 is in the can and ready
>> for release in just a few days, and a lot of great things are
>> happening with 1.3, 1.4, and 2.0. Let's make sure we treat them
>> as we would any major product release so people can have
>> confidence in the quality of what we are producing.
>>
>> Here are some of the other things I'd like to do:
>> - create a separate WASP user list and/or forum
>> - finish WASP demo app (gojobby.com)
>> - redesign of the home page and logo
>> - get a pre-built XAMPP package (windows/linux) built and made
>> available
>> - PHPUnit integration (http://www.onlamp.com/pub/a/php/2005/12/08/phpunit.html)
>>
>> I'm currently writing two more articles, and will be helping out
>> with coding work on upcoming releases. With this new momentum,
>> I'd like to try to bring more contributors on board.
>>
>> Ultimately I'd like to get to the point where the answer to the
>> question of "Why should we use PHP5?" is most decidedly, "So we
>> can use WASP."
>>
>> -- Brian Fioca
>>
>> _______________________________________________
>> Wasp-development mailing list
>> Was...@li...
>> https://lists.sourceforge.net/lists/listinfo/wasp-development
>>
/**
* Brian Fioca
* Chief Scientist / Sr. Technical Consultant
* PangoMedia - http://pangomedia.com
* @work 907.868.8092x108
* @cell 907.440.6347
*/
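
The session-key approach mentioned in the reply above, sketched as an added example that is not part of the original thread and is not WASP code. The function names, the `form_key` field and the sample requests are assumptions made for illustration; it also restricts the action to the POST body, which goes one step beyond what the reply describes.

```php
<?php
// Added example, not WASP code. All function and field names are hypothetical.

// Merged lookup in the style discussed in the thread: POST first, GET as fallback.
function merged_param(array $get, array $post, string $name): ?string {
    return $post[$name] ?? $get[$name] ?? null;
}

// Create a per-session key, store it server-side, and return it so the
// page can embed it in the form as a hidden field.
function issue_form_key(array &$session): string {
    $session['form_key'] = bin2hex(random_bytes(32));
    return $session['form_key'];
}

// Gate for a state-changing action such as 'Add'.
function authorize_add(string $method, array $get, array $post, array $session): bool {
    // Accept the action only from a POST body, never from the query string.
    if (strtoupper($method) !== 'POST' || !isset($post['Add'])) {
        return false;
    }
    // The submitted key must match the one stored in the session
    // (hash_equals compares in constant time).
    $expected = $session['form_key'] ?? '';
    $given = $post['form_key'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed sample requests: [method, query-string params, body params].
$session = [];
$key = issue_form_key($session);

$cases = [
    'form POST with key'      => ['POST', [], ['Add' => '1', 'form_key' => $key]],
    'GET with query string'   => ['GET', ['Add' => '1'], []],
    'POST without key'        => ['POST', [], ['Add' => '1']],
    'POST, Add only in query' => ['POST', ['Add' => '1'], ['form_key' => $key]],
];
foreach ($cases as $label => [$method, $get, $post]) {
    $seen = merged_param($get, $post, 'Add') !== null ? 'yes' : 'no';
    $gate = authorize_add($method, $get, $post, $session) ? 'accept' : 'reject';
    printf("%-25s merged lookup sees Add: %-3s gate: %s\n", $label, $seen, $gate);
}
```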