[Za-pm] Re: Za-pm Digest, Vol 3, Issue 1 RE: maintaining state

Dr Giancarlo Contrafatto contrafa at biology.und.ac.za
Fri Sep 12 03:18:44 CDT 2003


On Thu, 2003-09-11 at 19:00, za-pm-request at mail.pm.org wrote:
> Today's Topics:
> 
>    1. Maintaining state (Werner Moller)
>    2. RE: Maintaining state (Mark Hewitt)
>    3. Re: Maintaining state (Nico Coetzee)
> 
> ______________________________________________________________________
> 
> From: Werner Moller <wernerm at ifusion.co.za>
> To: 'za-pm at mail.pm.org' <za-pm at mail.pm.org>
> Subject: [Za-pm] Maintaining state
> Date: 11 Sep 2003 09:54:10 +0200
> 
> Hi Guys,
>  
> I need to maintain state (cookies, variables, sticky widgets or something)
> on a website where users log in and need to retrieve their information.
> However, the html pages and forms have already been designed with
> DreamweaverMX which rules out dynamic page generation with CGI. How do I go
> about retrieving information and placing it on the fields in the html pages
> after the user has logged in? I've completed the "Registration" scripts
> which place the information into a MySQL database.
>  
> Werner Moller

Hi folks;

yes, you can do all that with client-side Java Scripting although, as
Mark mentioned, there may be the odd reliability problem in cases such
as when the user bypasses your scripted page by means other than a link
from a document. On the other hand, I have been doing client-side Java
password validation on my site for quite a few years and have not had
real problems with reliability. I suppose that's to be expected since
the bulk of traffic on my site is made up of my students, perhaps a few
hundred hits a day during term: hits from outside may be as much as a
dozen a day.

I don't believe that security is a major problem for two reasons.
Firstly, the scripts are client-side so, besides reading privileges,
there is no access to the server: the client browser executes the script
and the cookies are written to the client machine. Second, the least
you'd do, would be to write your JavaScript in an external script file,
maybe served from a more secure directory, so that the users would not
ordinarily get to see it, nor would they gain much information on the
structure of your system. Also, if the httpd is configured securely,
users would not get to view directories.

A further advantage is that you would not even need to use a formatted
dbase file such as MySQL. All info can be stored in a flat text file or
within a reasonably hidden JavaScript. At the moment, for example, I
keep logon info for some 100 odd students in a script without apparent
loss of efficiency. It should actually be quicker than having to start
an SQL server, search and validate. Admittedly, since I have control
over my own server, I should do this by CGI and I may do so in the
future but, for the time being, it all seems to be working fine.

ciao

-- 
all men who have achieved great things have been great dreamers. 
Orison Swett Marden
####################################################################
Dr. Giancarlo Contrafatto
School of Life and environmental Sciences
University of Natal, 4041, Durban, RSA
Tel: +27 031 2603336 contrafa at biology.und.ac.za
####################################################################
visit Darwin at http://contra.biology.und.ac.za/
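
An added example, not part of the original message or of the author's site code: it sets the pattern discussed above (a logon table kept in an external script that the browser downloads) beside a server-side check that stores only a salted hash. The user names, passwords, `servedScript` text and all function names are constructed for illustration, and Node.js with its built-in `crypto` module is assumed.

```javascript
const crypto = require('crypto');

// Constructed sample of an external script file holding the logon table.
// The browser must download this text in order to run it.
const servedScript = `
var users = { "student1": "frog42", "student2": "beetle7" };
function validate(u, p) { return users[u] === p; }
`;

// Audit helper: report which known passwords appear verbatim in any text
// that is delivered to clients (script files, pages, JSON responses).
function exposesCredentials(servedText, knownPasswords) {
  return knownPasswords.filter((p) => servedText.includes(p));
}

// Server-side alternative: keep only a random salt and an scrypt hash.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Recompute the hash for the attempt and compare in constant time.
function verify(record, attempt) {
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(attempt, Buffer.from(record.salt, 'hex'), 32);
  return crypto.timingSafeEqual(expected, actual);
}

// Constructed server-side store; it is never sent to the browser.
const serverDb = { student1: makeRecord('frog42') };

// The decision is made on the server; the client only learns true or false.
function login(user, attempt) {
  const record = serverDb[user];
  if (!record) return false;
  return verify(record, attempt);
}
```

Running `exposesCredentials` over every file the web server hands out is a quick review step; the server-side store passes it even if its contents were to leak, because no password appears in it.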
