
Using an input whitelist for Uniface USP

Direct link http://www.udev.info/uniface/using-a-input-whitelist-for-uniface-usp
Written by -GHAN- // Tags: whitelist input params scope uniface webinfo safe usp field entry

This little contribution should help you get the inputs from the web in a safe and intended scope.

Let's imagine you want to change the entity UCKEY, and the parameters returned from the web have the corresponding field names. A very easy way to acquire those values is
Uniface proc code SOURCE CODE
Sorry- ... please log-in or register to get this!

and then we are finished! But this is some sort of EPIC FAIL, because we let the web side manipulate the scope of the inputs. If we only wanted the fields "UDESCR" and "U_DOC" to be edited and used the above statement, then it would be very easy to append another field such as "U_TLAB" and have it changed as well!
And THAT'S very uncool, right?!

Whitelisting solves this problem

The idea of a whitelist is obvious. WE decide which fields we need and expect, and nothing the client sends can change this scope.
First, we define which fields we want to use and accept for the entity UCKEY. This is easily done in an entry:
entry en_whitelist_uckey SOURCE CODE
Sorry- ... please log-in or register to get this!

Then, whenever we need those inputs anywhere in the server page, we simply call that entry and take its return string as the inputs:
Uniface proc code SOURCE CODE
Sorry- ... please log-in or register to get this!
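
A sketch of the whitelist entry and its call as described above. This is an added example, not the author's code (which is not shown on this page). It assumes the posted values are read from `$webinfo("INPUT")` as an associative list keyed by field name; the entry name `en_whitelist_uckey_example` and all variable names are hypothetical.

```uniface
; Added example: returns only the whitelisted UCKEY fields from the web input.
entry en_whitelist_uckey_example
returns string
variables
   string  vInput, vAllowed, vField, vValue, vSafe
   numeric vIdx
endvariables
   ; Assumption: everything the client sent, as an associative list (id=value)
   vInput = $webinfo("INPUT")

   ; The scope WE decide on: only these two fields of UCKEY are accepted
   vAllowed = ""
   putitem vAllowed, -1, "UDESCR"
   putitem vAllowed, -1, "U_DOC"

   vSafe = ""
   vIdx  = 1
   getitem vField, vAllowed, vIdx          ; $status = 0 when the list is exhausted
   while ($status > 0)
      getitem/id vValue, vInput, vField    ; $status > 0 only if the client sent this field
      if ($status > 0)
         putitem/id vSafe, vField, vValue  ; copy the value under our own field name
      endif
      vIdx = vIdx + 1
      getitem vField, vAllowed, vIdx       ; sets $status for the loop condition
   endwhile

   ; Anything else in vInput (for example U_TLAB) is never looked at, so it is dropped
   return (vSafe)
end

; Caller, wherever the inputs are needed in the server page (vInputs is a string variable):
;    vInputs = en_whitelist_uckey_example()
;    getlistitems/occ vInputs, "UCKEY"
```

Because the loop iterates over the allowed names rather than over the submitted names, a request that adds extra fields cannot widen what reaches the occurrence.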

1729 view(s) / 2011-07-15 09:46:21 / LAST UPDATED: 2011-07-25 07:59:37