[ic] Setting a Scratch Variable within an HREF tag

Chris Wenham cwenham@netmonger.net
Sat, 18 Nov 2000 17:56:11 -0500 (EST)

>>>>> "Houman" == Houman Akhavan <houman@edigitalweb.com> writes:

    > Is it possible to set a scratch variable when a user clicks on a link? I am
    > guessing it would go into the href=[area page]. But, where would it exactly
    > go?

 Even though I don't know if it is or isn't possible, I don't think
 that it should be possible and the reason is the mechanism
 Interchange has that prevents a malicious and unauthorized visitor
 from altering or deleting data.

 The mechanism for updating (or deleting) records from a database
 using a form makes use of a scratch variable to effectively say
 whether it's okay or not to make the change. If you could set scratch
 variables through a URL (or a POST method also) it would mean anybody in
 the world could write whatever they like to your database just by
 entering a properly crafted URL. It would defeat any mechanism you
 have in place that verifies the authorization of the current visitor.


Chris Wenham
NetMonger Communications