[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] Re: [include pages/[mv_arg] ]

Subject: [ic] Re: [include pages/[mv_arg] ]
From: interchange-users@icdevgroup.org (interchange-users@icdevgroup.org)
Date: Fri Sep 6 06:04:09 2002
In-reply-to: <HAEFLHGFFHCKLMHGBFJMKEKHCAAA.interchange@hertell.com>
References: <HAEFLHGFFHCKLMHGBFJMKEKHCAAA.interchange@hertell.com>

Rene Hertell writes: 

> 
>> You should be more security aware !! The user can view any file
>> in your catalog tree with the above code, e.g
>> mv_arg=../products/access.asc
> 
> True, I did not think of that. But luckily this variable is not viewable in
> the URL, because I use it in a redirecting actionmap (and the variable is
> named something else as in my question :) 
> 
> This is also a temporary solution. I had to find out a fast way in
> converting an old site into a "Powered by Interchange" site. Later on I'll
> add that included-stuff into a db.

Temporary solutions are usually the one with the longest life.
Recommended reading for you and probably everyone here:
The Pragmatic Programmer 

Bye
   Racke 

-- 
Prolific Interchange Consulting (Excellent German Quality !).
Take a look at Materialboerse (http://www.materialboerse.de/), WITT
(http://www.witt-weiden.de/), Boxmover (http://shop.boxmover.ch/) or
Passionshop (http://www.passionshop.com/racke). Need a shop ? Contact us.

Follow-Ups:
- [ic] A very long form
  - From: interchange-users@icdevgroup.org (Philip Alves)

References:
- [ic] Re: [include pages/[mv_arg] ]
  - From: interchange-users@icdevgroup.org (Rene Hertell)

Prev by Date: [ic] Admin UI and multiple ProductFiles
Next by Date: [ic] Re: Track Product Views
Previous by thread: [ic] Re: [include pages/[mv_arg] ]
Next by thread: [ic] A very long form
Index(es):
- Date
- Thread