[SPT/CWIS] URL overrides of SysConfig
Edward Almasy
ealmasy at scout.wisc.edu
Mon May 5 16:42:15 CDT 2008
On Apr 30, 2008, at 9:38 AM, Kucera, Rich wrote:
> Is there an easy way to override some of the settings in $SysConfig
> from
> values given in the URL? Below is a patch to do that.
I would be very hesitant to incorporate code that allows all of the
configuration values to be overridden via values included in the URL,
as it will very likely open up your system to "injection" attacks, and
at minimum takes control of many of the system configuration options
out of your hands.
> I needed to be able to change the UI/Theme
> without having to log in and without having to set the entire
> default UI to
> the target UI. (Once control is passed to the target UI, all links
> can add
> the override, keeping the system returning to that UI without a
> login).
You want the UI set on a per-user basis? Or for it to change for all
users at once?
As much as we've been trying to move to REST-style stateless
operation, setting the UI on a per-user basis for users that aren't
logged in strikes me as something that should be handled by storing
something in the user environment (presumably directly or indirectly
via a cookie); appending a UI value to all internal links is probably
going to be an ongoing headache to maintain.
Ed
---
Edward Almasy ealmasy at scout.wisc.edu
Co-Director 1210 W Dayton Street
Internet Scout Madison WI 53706
Computer Sciences Department 608-262-6606 (voice)
University of Wisconsin - Madison 608-265-9296 (fax)
More information about the SPT-CWIS-Users
mailing list