Your right, but I was afraid that if I didn't check the URL for parameters,
it would/might still override my posted variables...  So I always hard
coded, the link, the previous page should have been from...  

<html>
%if(HTTP_REFERER !=
"http://www.pickleball.com/cgi-dta/OnlineReq/newreq.mac/main";)
    Invalid page attempt
    @DTW_EXIT()
 %endif

@DTW_UPPERCASE(USER,USER)

@verifypassword("*VERIFY",USER,"0","",PASSWORD,"0",newid,newidccsid,newidlen
,pwfile,returncode)
<FORM METHOD="post" name="checkpass">
<INPUT NAME="USER" TYPE="hidden" VALUE="$(USER)">

> -----Original Message-----
> From: Eyers, Daniel [SMTP:daniel.eyers@xxxxxxxxxxxxx]
> Sent: Thursday, July 17, 2003 1:58 PM
> To:   'Web Enabling the AS400 / iSeries'
> Subject:      RE: [WEB400] Avoid the address toolbar
> 
> 
> Tim's solution sounds similar to MVC.  If a servlet drove the application
> and used POSTed parameters to identify which
> view to present, the URL would be all but meaningless.  
> 
> If you used session variables, it would be even more robust....
> 
> dan
> 
> 
> -----Original Message-----
> From: Wills, Mike N. (TC) [mailto:MNWills@xxxxxxxxxxxxxx]
> Sent: Thursday, July 17, 2003 4:30 PM
> To: 'Web Enabling the AS400 / iSeries'
> Subject: RE: [WEB400] Avoid the address toolbar
> 
> 
> Maybe only allow POST not GET?
> 
> -----Original Message-----
> From: Hatzenbeler, Tim [mailto:thatzenbeler@xxxxxxxxxxxxx]
> Sent: Thursday, July 17, 2003 2:57 PM
> To: 'Web Enabling the AS400 / iSeries'
> Subject: RE: [WEB400] Avoid the address toolbar
> 
> 
> What I have done... And it's been a while, is pass my variables via form
> variables from one page to another, to avoid them showing up in the url...
> And then when I open the new page, I read the referer (?) URL, if the URL
> did not match what I expected, i send the page to an error page, this
> avoided page hopping, and paramater overrides..  i think...  I don't
> remember how complete my testing was, but it was for an intranet app, so I
> was too worried...  It wasn't a payroll lookup or anything...   
> 
> tim
> 
> > -----Original Message-----
> > From:       Peter Vidal [SMTP:Peter_Vidal@xxxxxxxx]
> > Sent:       Thursday, July 17, 2003 12:38 PM
> > To: web400@xxxxxxxxxxxx
> > Subject:    [WEB400] Avoid the address toolbar
> > 
> > Is there a way that programmatically we can deactivate the address
> toolbar
> > whenever a specific page is loaded?  I am trying to control "smart
> users"
> > that
> > are editing the paths coded in the address box and replacing parameters
> > with
> > their own.
> > 
> > Any ideas?
> > 
> > TIA,
> > Peter Vidal
> > Pall Aeropower Corp.
> > SR Programmer Analyst
> > WWW.Pall.com / 727-539-8448, x2414
> > 
> > "A good player makes himself look good; a great player makes the team
> look
> > good."
> > Author unknown
> > 
> > 
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/web400
> > or email: WEB400-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential or privileged
> information.  Any unauthorized review, use, disclosure or distribution is
> prohibited.  If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy the message.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential or privileged
information.  Any unauthorized review, use, disclosure or distribution is
prohibited.  If you are not the intended recipient, please contact the
sender by reply e-mail and destroy the message.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].