Pat Bremkamp
09-27-2004, 08:14 PM
With lots of help from you really smart guys, I'm making progress with my web app, but I've got another problem.

The attached jpeg shows a grid component I've created. The little "flower" icon is a link, and as you can see in the highlighted area, it sets a filter and goes to the next page. The trouble is, the filter is supposed to keep one user from seeing the other user's data. This method shows the filter in the address bar, so a crafty user could just change the filter, refresh the page and see someone else's data.

So, I want to set the filter in the page I'm linking to. Thanks to Jerry Britbill, I can do this, but I need a session variable set before the page is called. The value I need is in the hidden column "En_Id", and that value is used in the filter in the address bar. I just need to know where and when to get it into the session variable.

One part of the trouble is that the link comes out of the grid component, not the page that contains it, and there are no available events to stick the Xbasic in that I can find.



Pat Bremkamp
09-27-2004, 08:19 PM
Sorry, Jerry. Should have been Jerry Brightbill, of course!

09-27-2004, 08:57 PM

First, I would change the name of the passed value name from list_list_filter to something less obvious like "lf=". A casual user may not make the connection. Another option is to change the passed value to something not recognizable. The id value you are passing could be a value that can't be obviously connected to a record, like a simple numeric autoincrement.

If you are real paranoid, you can create a simple substitution code and replace one letter of the alphabet (or number) with another. Since you are using the value in a hidden field, this field could be a calculated value from the id instead of the id. The page being called would have to take this value and reverse the substitution code to the original value.
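
An added example, not part of the thread and written in Python rather than Xbasic: the substitution code described in the reply above, next to a check on the called page that ties the passed En_Id to the logged-in user. The key, the owner table, the user names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: En_Id -> user allowed to see it (hypothetical).
OWNERS = {"1001": "alice", "1002": "bob"}

# Substitution code as described in the reply: each digit is swapped
# for another character, and the called page reverses the mapping.
ENCODE = str.maketrans("0123456789", "QZJXKVWPYG")
DECODE = str.maketrans("QZJXKVWPYG", "0123456789")

def encode_id(en_id):
    return en_id.translate(ENCODE)

def decode_id(code):
    return code.translate(DECODE)

SERVER_KEY = b"constructed-demo-key"  # assumption: known only to the server

def sign_id(en_id, session_user):
    """Tag the grid page puts in the link next to the id.
    It binds the id to the user whose session rendered the grid."""
    msg = f"{session_user}:{en_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def resolve_en_id(en_id, tag, session_user):
    """Called page: return the id to filter on, or None to refuse.
    session_user comes from the server-side session, never from the URL."""
    expected = sign_id(en_id, session_user)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None          # id or tag was edited in the address bar
    if OWNERS.get(en_id) != session_user:
        return None          # record does not belong to this user
    return en_id

if __name__ == "__main__":
    # The substitution code hides the id but does not tie it to a user:
    # an edited code still decodes to some other record's id.
    print(encode_id("1001"), decode_id("ZQQJ"))
    good = sign_id("1001", "alice")
    print(resolve_en_id("1001", good, "alice"))   # accepted
    print(resolve_en_id("1002", good, "alice"))   # refused
```
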