- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Wed, 14 Oct 2009 16:54:44 -0400
On Wed, Oct 14, 2009 at 4:38 PM, Michael Enright <michael.enright at gmail.com> wrote: > No matter what display method you use, it sounds like an important > requirement is to keep users from ever viewing the HTML of a row other > than from your display app/page. It seems to me to achieve this you > must not use URIs alone to fetch the row view that goes in the row's > frame, because it's likely that the URI could be observed by a bad > guy. The page linked to earlier, <http://www.artfulsoftware.com/infotree/mysqlquerytree.php>, seems to use some kind of temporary URL that prevents this.
Received on Wednesday, 14 October 2009 13:54:44 UTC