[ic] Re: [include pages/[mv_arg] ]

interchange-users@icdevgroup.org
Fri Sep 6 06:04:09 2002


Rene Hertell writes: 

> 
>> You should be more security aware !! The user can view any file
>> in your catalog tree with the above code, e.g.
>> mv_arg=../products/access.asc
> 
> True, I did not think of that. But luckily this variable is not viewable in
> the URL, because I use it in a redirecting actionmap (and the variable is
> named something else than in my question :) 
> 
> This is also a temporary solution. I had to find a fast way of
> converting an old site into a "Powered by Interchange" site. Later on I'll
> add that included-stuff into a db.

Temporary solutions are usually the ones with the longest life.
Recommended reading for you and probably everyone here:
The Pragmatic Programmer 

Bye
   Racke 

-- 
Prolific Interchange Consulting (Excellent German Quality !).
Take a look at Materialboerse (http://www.materialboerse.de/), WITT
(http://www.witt-weiden.de/), Boxmover (http://shop.boxmover.ch/) or
Passionshop (http://www.passionshop.com/racke). Need a shop ? Contact us.
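
Added example, not part of the original message and not Interchange's own code: one way to validate a user-supplied page name before it reaches an include, so that a value such as ../products/access.asc is refused. The function name safe_page_path, the ".html" suffix and the temporary catalog layout are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: map a user-supplied page name to a file under $base.
# Returns the resolved path, or undef if the name must not be included.
sub safe_page_path {
    my ($base, $name) = @_;
    return unless defined $name;
    # Allowlist: segments of letters, digits, '_' and '-', joined by '/'.
    # This rejects '..', a leading '/', dots, backslashes and NUL bytes.
    return unless $name =~ m{\A[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z};
    my $root = realpath($base);
    return unless defined $root;
    # Assumed page suffix; the caller never supplies the extension.
    my $candidate = File::Spec->catfile($root, "$name.html");
    return unless -f $candidate;
    # Second layer: resolve symlinks and confirm the file is still under $root.
    my $path = realpath($candidate);
    return unless defined $path && index($path, "$root/") == 0;
    return $path;
}

# Constructed sample catalog: pages/about.html and products/access.asc.
my $catalog = tempdir(CLEANUP => 1);
mkdir "$catalog/$_" or die "mkdir: $!" for qw(pages products);
for my $file ("pages/about.html", "products/access.asc") {
    open my $fh, '>', "$catalog/$file" or die "open: $!";
    print {$fh} "constructed sample\n";
    close $fh;
}

# Constructed inputs: one legitimate page name and three that must be refused.
for my $arg ("about", "../products/access.asc", "/etc/passwd", "about/../about") {
    my $path = safe_page_path("$catalog/pages", $arg);
    printf "%-26s => %s\n", $arg, defined $path ? "include" : "rejected";
}
```

The check runs on the server regardless of whether the variable is visible in the URL, since form and query parameters can be set by the client either way.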