• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: form validation
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: form validation

  • Subject: Re: form validation
  • From: John W Baxter <email@hidden>
  • Date: Wed, 13 Mar 2002 14:28:11 -0800
At 2:12 +0000 3/13/2002, has wrote:
>>I recommend Javascript for html-form validation before submission to any
>>CGI. Validation in Javascript is easier and earlier (client-side).
>
>Client-side JS -based validation would be good for augmenting server-side
>validation with the sort of convenient and sophisticated 'popup warnings'
>[1], etc that Jessica is looking for. It should _not_ be considered a
>replacement for it though, as you _cannot_ assume that all clients will
>have javascript-enabled browsers (or browsers with JS disabled [2]).

And client side validation *most assuredly* should not be done the way Bell
Atlantic did it.

You asked their web-based account information system for your account (by
phone number). Server sent back a JavaScript page which would validate
your access to that number's information. Included was all the information.

So you just had to ask about some number (listed or not) and read the
returned script to get the subscriber information. The obvious: name,
address, amount due, payment history, etc, and the not-so-obvious, such as
the "problem customer" flag (those who protest too much).

So a great noise arose in the land, and "they" fixed the problem. By
removing the link(s) to the page with the problem, but leaving the page.
So anyone who knew the URL could *still* access other people's data.

"They" is in quotes there for not the usual reason: while all this was
going on, the Bell Atlantic merger into Verizon was completed. The news
coverage of the web problem was more effective at getting the new name to
the customers than was Verizon's expensive ad campaign.

Don't do this at home, kids. ;-)

--john

OH...and it was no doubt possible to write an AppleScript script to gather
information for a group of numbers. There. Whew! ;-)

--
John Baxter email@hidden Port Ludlow, WA, USA
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: form validation (From: has <email@hidden>)

  • Prev by Date: Re: Converting original items...
  • Next by Date: Re: Crunch numbers
  • Previous by thread: Re: form validation
  • Next by thread: Anyone have experience scripting Acrobat ver. 4.0
  • Index(es):
    • Date
    • Thread