Web programming and a different "type" problem
Ian Bicking
ianb at colorstudy.com
Tue Apr 29 18:19:37 EDT 2003
On Tue, 2003-04-29 at 07:50, Dave Cole wrote:
> Albatross solves this yet another way. As input tags are processed by
> the template interpreter the form tag accumulates a summary of all the
> input fields. When the form is closed the summary is then pickled,
> MD5 signed with a secret, compressed, and base64 encoded in a hidden
> field.
You mean, it takes the expected names? Like a form:
Object 1: <input type=checkbox name="id*" value=1>
...
Object 4: <input type=checkbox name="id*" value=4>
You create a hash of (in this small form) just "id*", and so confirm the
user isn't sending extra fields, or changing field names?
Seems a little odd... or are you doing something else? There's always
the issue of the security of hidden fields, but that's kind of a
different issue.
Ian
More information about the Python-list
mailing list