Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Who Called Me?
Message
From
03/11/2000 14:23:14
Erik Moore
EKraft
Austin, Texas, United States
 
 
To
03/11/2000 14:01:24
Daniel Rouleau
Consultant
Glen Allen, Virginia, United States
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: Who Called Me?
Miscellaneous
Thread ID:
00436100
Message ID:
00437802
Views:
21
>All(?) frameworks include a form manager to manage forms.
>The form manager usually has a DoForm method which receives
>some parameters and instantiates a form based on those
>parameters (whether through DO FORM or CREATEOBJECT is not
>relevant). The method usually does not verify that the
>parameters correspond to a form because it is assumed
>developers will only send valid parameters and, if they will
>catch any error in development. Note that you could
>"improve" the method by verifying that the parameters
>represent a form or a class which baseclass is form. IMO,
>it's not worth it because the erroneous parameters should
>be caugth in development.

Sorry, I'm not following how this pertains to the discussion.

>What about a situation where an class exists solely to be a
>bridge (controller) between a UI object (form) and other
>objects that represent mission critical physical entities
>(a machine in a production line). The form may only be able
>to send a limited number of messages to the controller but
>the controller may be able to send all messages to the
>machine. I for one, would not want the form to directly
>send messages to the machine.

Then obfuscate access to the machine in the controller object. IOW, Make the controller object the sole entity with access to the machine. This is the same concept as a data access object.

>Using parameters may not be acceptable because they can be
>guessed at. I not sure which properties Erik was referring
>to. If he refers to the machine's properties, does it mean
>the form must be able to directly manipulate the machine?
>This would not be any improvement on the on the parameters
>idea IMO. If he refers to the sender's properties, the
>machine knows something about the sender. IMO, it's a better
>idea to authentificate the sender.

If security is such an issue, why does the form even have access to a machine object at all? If the access is there, and you are worried about developers gaining unauthorized access to an object, what's to keep them from observing the properties of the controller, and impersonating them?

I still don't see a valid reason in this case.
Erik Moore
Clientelligence
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform