in reply to Exec script within script or import sub...? help plz
Of course, with HTML::Template you could do stuff like this:
Then in the script:
This isn't atually a good way to enforce privilege levels. A clever user could post to your script supplying a "3" instead of a "2" for the "whaticando" parameter. You still need to enforce privilege on the server side without reference to what the client gives you. (Other than a cookie, say, which has it's own vulnerabilities similar to the one just given.) But this method let's your presentation vary based on a privilege level. There are probably neater ways to do this than I've shown.
<SELECT name="whaticando"> <option value="1"> Log off </option> <TMPL_IF name=Unprivileged> <option value="2"> Whistle a tune </option> </TMPL_IF> <TMPL_IF name=Privileged> <option value="3">Blow my horn</option> </TMPL_IF> </SELECT>
Then in the script:
if ($privileged){ $html->param( whaticando => 'Privileged' ); } else { $html->param( whaticando => 'Unprivileged' ); }
This isn't atually a good way to enforce privilege levels. A clever user could post to your script supplying a "3" instead of a "2" for the "whaticando" parameter. You still need to enforce privilege on the server side without reference to what the client gives you. (Other than a cookie, say, which has it's own vulnerabilities similar to the one just given.) But this method let's your presentation vary based on a privilege level. There are probably neater ways to do this than I've shown.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: Exec script within script or import sub...? help plz
by Stenyj (Beadle) on Jun 21, 2004 at 04:07 UTC | |
by hbo (Monk) on Jun 21, 2004 at 06:27 UTC |
In Section
Seekers of Perl Wisdom