Richard

Let's say your server has a SERVICE01.PGM that returns JSON with all your
customers and a SERVICE02.PGM that returns all your employees. How does a
session cookie prevent a user that sniffs your SERVICE01.PGM URL from
changing it to SERVICE02.PGM?

Besides that, cookies are changeable by anyone who knows a little about how a
browser and Notepad work.

On Sat, Mar 4, 2017 at 5:20 PM, Richard Schoen <
Richard.Schoen@xxxxxxxxxxxxxxx> wrote:

Can you point me to the SOX clause that says using a cookie is bad ?

I'm guessing you're tracking your session either by cookie or a hidden
variable somewhere or a query string. No ?

Using cookies is only bad if you're storing lots of client side data in
them and don't have appropriate back end logic in place to ensure a session
is not spoofed.

Don't make stupid assertions in relation to my use of cookies.

You've never seen me eat before so how would you know what I do with
cookies ? :-)

Regards,

Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com

-----Original Message-----
Richard

I use several AJAX calls when i launch my portal.

First the main accordion that is generated based on user rules.

Each of these accordion tabs is an object that points back to a service
that populates them using a simple JSON structure also based on
user rules.

This means that user A doesn't see the same menus as user B, since
he only sees functions he is allowed to process.

While this process is running, the actual tree structure is built using
a tree traversal algorithm that also uses recursive calls of sub-procedures.

And for every function a request is issued in a table that
consists of the session random number, the request random number and
the CGI program name, which all have to match to run the function; the
request may also hold server side parameters.

When a function is called the process starts again: requests are made
for each service the function uses, and server side parameters are
replicated down through the chain.

Since it is totally server controlled there are no cookies, and the method
has also been SOX audited and audited by the EU to meet the standards for protecting
systems that handle personal sensitive information, where the penalty for
not doing that is up to 20 million EURO or, if you are a big international
company, 25% of the company's global turnover. Nice guys, them in the
EU commission, and I'm afraid that your cookie strategy won't bring you
far in that line of business since they are regarded as unsafe ;-(
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
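The thread above turns on one point from both sides: whether the session travels in a cookie or in a server-generated number, the thing that stops a sniffed SERVICE01.PGM URL from being rewritten to SERVICE02.PGM is a server-side check that the caller's session is actually allowed to run that program. The example below is added here and is not code from any poster or from an IBM i product; it models the request table described in the last message (session random number, request random number, CGI program name that all have to match) in plain Python. The user names, program names and the `USER_RULES` table are constructed sample data.

```python
"""Server-side request authorization for CGI-style service calls.

Models the approach described in the thread: the portal registers every
request it renders in a server-side table keyed by (session id, request id)
and bound to one program name; the CGI entry point refuses anything that
does not match that table or the caller's user rules.
"""
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample rules: which CGI programs each user may call.
# In the thread these come from per-user rules on the server.
USER_RULES = {
    "USERA": {"SERVICE01.PGM"},
    "USERB": {"SERVICE01.PGM", "SERVICE02.PGM"},
}


@dataclass
class Gateway:
    # session id -> user; the id may be carried by a cookie or a hidden
    # field, the check below is the same either way
    sessions: dict = field(default_factory=dict)
    # (session id, request id) -> program the request was issued for
    requests: dict = field(default_factory=dict)

    def login(self, user: str) -> str:
        """Create a session with an unguessable random id."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def issue_request(self, sid: str, program: str):
        """Register one menu entry / service call for this session.

        Returns the request id to embed in the page, or None if the user
        is not allowed to call that program at all (so it never appears
        in the menu).
        """
        user = self.sessions.get(sid)
        if user is None or program not in USER_RULES.get(user, set()):
            return None
        rid = secrets.token_urlsafe(16)
        self.requests[(sid, rid)] = program
        return rid

    def call(self, sid: str, rid: str, program: str) -> str:
        """Check run by the CGI entry point before any program is invoked.

        The request id is single use: it is removed from the table whether
        the call is accepted or not, so a tampered request burns it.
        """
        user = self.sessions.get(sid)
        if user is None:
            return "denied: unknown session"
        expected = self.requests.pop((sid, rid), None)
        if expected is None:
            return "denied: unknown request"
        # constant-time compare so a rewritten program name leaks no timing
        if not hmac.compare_digest(expected, program):
            return "denied: program mismatch"
        if program not in USER_RULES[user]:
            return "denied: not permitted"
        return f"ok: {user} -> {program}"


if __name__ == "__main__":
    gw = Gateway()
    sid = gw.login("USERA")
    rid = gw.issue_request(sid, "SERVICE01.PGM")
    # URL rewritten from SERVICE01.PGM to SERVICE02.PGM is refused
    print(gw.call(sid, rid, "SERVICE02.PGM"))
    rid = gw.issue_request(sid, "SERVICE01.PGM")
    print(gw.call(sid, rid, "SERVICE01.PGM"))
```

The two failure modes raised in the thread are both covered: a sniffed or edited URL fails because the registered request is bound to a different program name, and an edited session value fails because it matches no server-side session. Replaying a captured request id also fails, since each id is consumed on first use.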