[cgiapp] Re: LinkIntegrity vs ValidateQuery plugin?

Mark Stosberg mark at summersault.com
Thu Apr 16 20:58:21 EDT 2009


> > However, only validation can check if in fact I have all parameters I
> > need in the right format. That protects against the case where my
> > application generates a link with a valid checksum, but somehow has the
> > wrong data in it. If I skipped validation in the receiving run mode, I
> > open myself up for a garbage-in/garbage-out problem, or perhaps worse.
> 
> Wouldn't this be best solved by storing the links (or the checksum for
> a link) in a session? When they perform their next activity, the
> runmode checks to see if it (and the parameters on the URL) was one of
> the expected run modes when the previous page was displayed?

I have in mind cases where there is no session, and the links do not
change from person to person.  For example, a public page displaying a
pet's photo, which requires a "pet_id" and "photo_id" to be passed in.

    Mark
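
The point made in this message, as an added example that is not part of the original post and does not use the API of either plugin: a receiving run mode that verifies a link checksum and still validates "pet_id" and "photo_id". The HMAC-SHA256 scheme, the key, the sub names and the numeric ID format are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key for the demonstration; a real key comes from configuration.
my $SECRET = 'constructed-demo-key';

# Canonical string over sorted parameters, so order does not change the checksum.
sub checksum {
    my (%p) = @_;
    return hmac_sha256_hex(join('&', map { "$_=$p{$_}" } sort keys %p), $SECRET);
}

# Compare two hex digests without stopping at the first differing character.
sub same_digest {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Receiving run mode: integrity check first, then validation of each parameter.
sub check_request {
    my (%q) = @_;
    my $sum = delete $q{checksum};
    return 'rejected: bad checksum' unless same_digest($sum, checksum(%q));
    for my $name (qw(pet_id photo_id)) {
        return "rejected: invalid $name"
            unless defined $q{$name} && $q{$name} =~ /\A[1-9][0-9]{0,8}\z/;
    }
    return 'ok';
}

# Constructed requests.
my %good = (pet_id => 42, photo_id => 7);
my %bug  = (pet_id => 42, photo_id => '');   # application built the link with wrong data
my @cases = (
    [ 'well-formed link'        => { %good, checksum => checksum(%good) } ],
    [ 'signed but wrong data'   => { %bug,  checksum => checksum(%bug)  } ],
    [ 'parameter changed after' => { %good, photo_id => 8, checksum => checksum(%good) } ],
);
printf "%-26s %s\n", $_->[0], check_request(%{ $_->[1] }) for @cases;
```

The second case passes the checksum and is stopped only by validation; the third is stopped by the checksum before validation runs.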
