Using Aurigma In 6.3.xxx - Commercial Forums :: How do I... - Web, Cloud & Mobile Applications Delivery and Migration Platform

Rich web/cloud/mobile app delivery

Search Forum Home

Forum Commercial Foru... Commercial Foru... Using Aurigma In 6.3.xxx

3/11/2010 4:06 PM

	derekmhart@yahoo.com
685 posts

Re: Using Aurigma In 6.3.xxx

It has been hugely problematic to use the other upload control, with IE errors specifically. So I am going to learn a little about using the asppagebox. Your comment about security issues may actually kill that idea, but I want to explore this further. The control I am using will upload files to the server. When I activate the popup from VWG, I will pass parameters into the popup that the asppagebox can use. I have learned how to do this in a different article. Now I can disable the popup if the URL is directly entered into a browser, simply by detecting if parameters were not sent into the popup. This will be in HTTPS. Does this sound pretty solid? Can you give me more information as to what are other ways this could not be secure?

3/11/2010 4:28 PM

	palli
11189 posts

Re: Using Aurigma In 6.3.xxx

Hi Derek,

I'm not sure what that "other" article presenting the feending of the paramters, but the first unsecure thing that comes to mind is that if the parameters mean query parameters, then you are no better off, as the user might be able to guess or somehow find out what query parameters need to be fed for the link to work.

Palli

Páll Björnsson - Visual WebGui support team - Email: support@visualwebgui.com

3/11/2010 5:04 PM

	derekmhart@yahoo.com
685 posts

Re: Using Aurigma In 6.3.xxx

Modified By derekmhart@yahoo.com on 3/11/2010 8:05:15 PM)

I went to this URL:

http://www.visualwebgui.com/Developers/Forums/tabid/364/forumid/29/threadid/19447/scope/posts/Default.aspx

In it you will find a post at 4/9/2009 6:20 AM showing how to pass parameters into form properties.

This is the method I will always use.

So the code would detect if a parameter was not properly filled.

Doesn't VWG have pretty good security in terms of the users not inserting parameters this way, directly into the properties of a form. Parameters might not be the right word here. No, I will not use query parameters ever.

Is this a secure process? What problems might there be?

3/11/2010 11:51 PM

	palli
11189 posts

Re: Using Aurigma In 6.3.xxx

Hi Derek,

From what I see, this should be a secure process by itself, but you still have the Asp page itself to worry about, right ?

Somehow I get the feeling that you are confusing AspPageBox and AspPageBase, which are two different kind of creatures. The code snippet you reference is valid for AspPageBase. For AspPageBox there is quite another story as for that control you need to have a full Asp page within your system that you reference with the AspPageBox.Path property and that's where you get the less interoperability between the Aspx page and your VWG application Ori did mention to you.

Palli

Páll Björnsson - Visual WebGui support team - Email: support@visualwebgui.com

3/12/2010 12:11 AM

	derekmhart@yahoo.com
685 posts

Re: Using Aurigma In 6.3.xxx

I am using the asppagebox... and setting the path property to an aspx page. The asppagebox is in a popup VWG form. I pass the properties into the popup form, so I can access many things, such as the UserID of the logged on user, so I can properly work with the SQL database behind it. I understand there is less interoperability, but if I can pass parameters into the popup (and into the aspx page), I can do many things. The article I referenced showed how to pass some properties into the aspx page inside the asppagebox. I am not using query parameters. I can detect in the aspx page if parameters are blank, and make the aspx page not operable without the proper parameters. So if the user goes directly to the URL, the page will not work because there is no way to send in the properties (parameters) if the user just knows the URL. Am I correct? What other problems might I encounter?