Semantic web (WDDX/SOAP) and Smarty

 

Poll: What do you think about semantic web native Smarty support?

I would welcome this, if there weren't any security risk: 66% [ 4 ]
Why should I use this?: 16% [ 1 ]
I would be happy if other developers gave me access to their site in XML-WDDX: 0% [ 0 ]
I always plan to refuse to give my data in any form other than human-readable: 16% [ 1 ]
Total Votes : 6

Author Message
markon
Smarty Rookie


Joined: 11 Jun 2004
Posts: 6
Location: Czech Republic

Posted: Fri Jun 11, 2004 11:31 am    Post subject: Semantic web (WDDX/SOAP) and Smarty

Sometimes I am interested in web mining, and I have an idea about constructing a universal way to make it possible for web robots to fetch information from any site running Smarty.

WDDX is the easiest way to connect web pages on the internet.

Here is a first example of how to use WDDX in your sample PHP code:

Code:

// Only when the client asks for it, expose the 'users' template variable as a WDDX packet
if (isset($_REQUEST['wddx'])) {
    $smarty->assign('wddx', wddx_serialize_value($smarty->get_template_vars('users')));
}


And now we add code to the template too:

Code:

{if $wddx}{$wddx}{else}

...template

{/if}


Now if somebody tries to fetch data from our site, he can easily use WDDX, like this:

Code:

skript.php?show_users=1-10&wddx=true


And you'll get this in XML!

Code:

<wddxPacket version='1.0'><header/><data><array length='5'><struct><var name='php_class_name'><string>stdClass</string></var><var name='id'><string
...


It can be easily parsed by the built-in PHP function http://www.php.net/wddx

But there is a security problem

WRONG!

Code:

SELECT * FROM users


It may return, for example, passwords, private data and much more

RIGHT

Code:

SELECT `id`,`name`,`hobbies` FROM users


It will return only the data that you want

Future
I am planning native support in Smarty. My idea is that everything you generate as HTML code should be accessible as XML, like WDDX.

But there is only one problem: security risk. For native support of generating semantic data, it is important to give the user only the data that can be accessed via HTML. But now, when you use a command like "SELECT * ...", you don't have to show data in HTML for it to be accessible by WDDX. This is no problem for experienced programmers, but lamers can make many mistakes.
_________________
--markon
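
Added example (not part of markon's post, and not Smarty's own code): one way to make sure the machine-readable export carries only the fields the HTML page shows, even when the query behind it was `SELECT *`. The sample rows, the `EXPORT_FIELDS` allowlist and `export_rows()` are constructed for illustration; the JSON fallback is there because the wddx extension has not been bundled with PHP since 7.4.

```php
<?php
// Added example, not from the post. Rows are constructed sample data shaped
// like the result of "SELECT * FROM users" (stdClass objects, as in the
// WDDX packet shown in the post).
$rows = [
    (object) ['id' => '1', 'name' => 'alice', 'hobbies' => 'chess',
              'password' => 'constructed-hash-1', 'email' => 'alice@example.test'],
    (object) ['id' => '2', 'name' => 'bob', 'hobbies' => 'hiking',
              'password' => 'constructed-hash-2', 'email' => 'bob@example.test'],
];

// Hypothetical allowlist: exactly the columns the HTML template displays.
const EXPORT_FIELDS = ['id', 'name', 'hobbies'];

/**
 * Copy only allowlisted fields of each row into a plain array.
 * Anything not named in $allowed is dropped, so a sensitive column
 * added to the table later is withheld by default.
 */
function export_rows(iterable $rows, array $allowed): array
{
    $keep = array_flip($allowed);
    $out = [];
    foreach ($rows as $row) {
        $fields = is_object($row) ? get_object_vars($row) : (array) $row;
        $out[] = array_intersect_key($fields, $keep);
    }
    return $out;
}

$public = export_rows($rows, EXPORT_FIELDS);

// Show which columns the raw rows carried that the export withholds.
$withheld = array_diff(array_keys(get_object_vars($rows[0])), EXPORT_FIELDS);
echo 'withheld: ', implode(', ', $withheld), "\n";

// Serialize only the filtered copy. wddx_serialize_value() is the call used
// in the post; JSON is used when the wddx extension is not installed.
echo function_exists('wddx_serialize_value')
    ? wddx_serialize_value($public)
    : json_encode($public), "\n";
```

In the post's setup, the filtered array would be what is passed to `$smarty->assign('wddx', ...)` in place of the raw `users` template variable.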