No, I guess you can't, but perhaps his/her supervisor can. I am serious in saying that while you may be tasked with providing a software wall to stop this action, the most efficient way to really stop it is by dealing with the people. If the customer doesn't care, then why would they ask you to prevent it? If they do care, perhaps they will see that there's a better way than lots of coding. Better mousetraps often just make smarter mouses, and then you still have the root of the problem in place after all that work.
Rick On 11/28/07, Mahan, Janet L [EQ] <[EMAIL PROTECTED]> wrote: > > ** I can't crack my customer's across the knuckles! > > Seriously, does no one else think that is a security issue for any user to > be able to overwrite the url and get to hidden forms? > > > Janet Mahan > Network Systems Administrator II > EMBARQ > > Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 > Email: [EMAIL PROTECTED] > > Voice | Data | Internet | Wireless | Entertainment > ------------------------------ > *From:* Action Request System discussion list(ARSList) [mailto: > [EMAIL PROTECTED] *On Behalf Of *Rick Cook > *Sent:* Wednesday, November 28, 2007 5:45 PM > *To:* [email protected] > *Subject:* Re: mid tier lock down URL > > ** Why, what could be simpler than a ruler across the knuckles, > administered as necessary? ;-) Seriously, my preference would be to simply > report this person for violation of whatever IT policy prohibits such > actions. That's assuming that (s)he is causing some problem by doing so. > > Rick > > On 11/28/07, Mahan, Janet L [EQ] <[EMAIL PROTECTED]> wrote: > > > > ** > > > > Is there a simple way for someone that doesn't know a lot about > > creating/modifying web pages to keep users from changing the URL in the > > mid-tier and going directly to a form that they have hidden access to?????? > > > > Janet Mahan > > Network Systems Administrator II > > EMBARQ > > > > Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 > > Email: [EMAIL PROTECTED] > > > > Voice | Data | Internet | Wireless | Entertainment > > > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
