Best way to pass parameters

aducom · May 7, 2020, 8:43pm

[QUOTE=Giu;31770]But SriptCase is not a tool for a structure of 100 devs. A structure of 100 devs doesn’t needs a RAD, and any RAD fits on this structure.
You are right here. Maybe on V9, who knows.[/QUOTE]

In a structure of 100 devs it?s virtually impossible to control the quality of coding. Every chain is as strong as the weakest link. invulnerabilities are found in almost every product, even in the most popular CMS?s. Using a generator could be an advantages as you have sight on the weak points. But to the end/user. I don?t know. I still don?t see that as a security risk.

insecta · May 7, 2020, 8:43pm

I know this… but if in this structure there are 99 developer that know only PLSQL and Oracle forms and 1 that know php, and if they prohibit you to write code (almost impossible also with scriptcase, but near) and use framework, scriptcase is the right tool…

RHS · May 7, 2020, 8:43pm

Apropos global variables … I’am use that only in this way:


...
$_SESSION['app']['clipboard'] = ""; // http://kis.office.mydomain.de/kis/ablage/
$_SESSION['app']['d3_scan']   = ""; // http://kis.office.mydomain.de/kis/ablage/D3_scan/


$_SESSION['user']['id'] = 0;
...

In my apps then so:


$user_id = $_SESSION['user']['id'];

if ($user_id > 0) 
...

I have no problems with it that apps do not know the content of the session variable.

rr1 · May 7, 2020, 8:43pm

If you are so afraid of hacking your should add a global variable that (for example) holds the concatenated string of the global/get variables you want to protect in an encrypted string. Then when you enter the form simply check the variables with the encrypted string and you are done. If someone hacks an input variable then the encrypted string is no longer correct and you can immediately jump to some screen with an alert or send a mail or whatever.
I think only takes a few lines of code for each form.

maximnl · May 7, 2020, 9:04pm

I find it a very fundamental discussion. I can make these conclusions: Global variables are not that global, they live in the session, and you have to pass them each time you call an app. ? Why global variable has option Optional? You expect that if nothing passed it should check the session and only after that to ask for the user input. 2. Tabs sharing the same session is pretty cool but… We need an event such as global variable change. Otherwise tabs are out of sync and you need to refresh them to get the latest globvar out of the session. 3 nobody knows what are the settings of global variables in application globals, what session checkbox does?? 4. Global variables do not work in all parts of application. Try use it in an form image field upload folder. {} works, [] do not even the description suggests it should work. 5. Passing via get is new for me , it seems that it does not work in control application. Also, sc removes get parameter from url. Calling as app/?param=123 does not pass the param. Calling app/app.php/?param=123 gives error related to common libraries are not found

aducom · May 7, 2020, 9:04pm

Global variables are not by default of session type but of get/post which is a huge security issue as it should be by default session. Using get parameters then they automatically will be generated as a global in scriptcase. Guess the right name(s) and you have a huge security issue since you can overwrite existing globals. Never pass parameters using get unless you are sure that it will not give issues. Sometimes (i.e. on callback function) you need to have get parms, but then (i.e.) in financial gateways have a security encryption token. Bit off topic, perhaps, but globals can be very dangerous.