• (cs) in reply to Mung Kee
    Mung Kee:
    ...and what about ActiveX and Applets?  Scripting?


    No, ugly and kludgy.
  • Aaron (unregistered) in reply to UncleMidriff

    If it were a shopping cart I would avoid the javascript portion of this by creating a confirmation page. Instead of auto-submitting the form, present it to the user as a data confirmation page.

    Example

    Please confirm your order details. Once complete click "submit order".

    Order Details

    Name: Bob
    Total: $52
    Shipping: $8

    Submit Order

  • (cs) in reply to Mung Kee
    Mung Kee:

    Anything executed client-side has very little to do with .NET.


    Don't you expect MS will sooner or later built something comparable to Java applets (or java web start) into .NET?
  • (cs) in reply to Ytram
    Ytram:
    Mung Kee:
    ...and what about ActiveX and Applets?  Scripting?


    No, ugly and kludgy.


    Couldn't agree more.  He just said that anything running on the client was script.  Not so.
  • (cs) in reply to ammoQ
    ammoQ:
    Mung Kee:

    Anything executed client-side has very little to do with .NET.


    Don't you expect MS will sooner or later built something comparable to Java applets (or java web start) into .NET?


    Wasn't the applet a response to ActiveX?
  • SaCuL (unregistered)
    Alex Papadimoulis:

    a scalable, vendor-supported, compiled



    Please redirect your web browser to www.zend.com then start to talking about


  • Anonymuz (unregistered) in reply to ammoQ

    ammoQ:
    Mung Kee:

    Anything executed client-side has very little to do with .NET.


    Don't you expect MS will sooner or later built something comparable to Java applets (or java web start) into .NET?

    Actually, .Net "applets" have been possible since version 1.0 :)

  • (cs) in reply to Mung Kee
    Mung Kee:
    ammoQ:
    Mung Kee:

    Anything executed client-side has very little to do with .NET.


    Don't you expect MS will sooner or later built something comparable to Java applets (or java web start) into .NET?


    Wasn't the applet a response to ActiveX?


    If anything, it was the other way round. Applets were the form in which Java was originally promoted as THE hot next thing on the internet, gaining wide deployment by being integrated in Netscape 2.0 in December 1995. Microsoft responded by creating something similar with ActiveX, integrated in MSIE 3.0, which came out mid-1996. Though AFAIK it was really just a new name for something they already had (OCX, derived from OLE). Technologically, ActiveX is totally different from Java, the only similarity is that both can be integrated into webpages, in that, MS pretty clearly followed Sun's lead because they also believed at least partially in the applet hype and wanted to offer something similar.

    Of course, today we know that Java applets turned out to be mostly a pointelss and annoying toy, that they probably more hurt than helped Java's ultimate success in a totally different area, and that ActiveX became mostly a source of security holes.

    Which is why I don't really think anything similar will be built into .NET, though something like JavaWebStart may well be. It's a pretty good idea, only not executed very well, and badly underpromoted.
  • (cs) in reply to James

    I don't think the condescending tone of your post was necessary

    Anonymous:
    Get a real payment gateway that provides an API to their services, I use authorize.net and it is the one I prefer, but I have also used PayPal's Web Payments Pro (even they provide a logical way to interfece with them).

    Basically, you set up a SOAP request with a username and password, credit card details, etc, and (at least on linux) use curl to send the data and receive a response... and use a cert to encrypt the line.

    Even if they don't allow for this, you can use curl to submit the data to the server from the server behind the scenes (rather than relying on javascript, which the client may not have enabled). I am sure that something like curl exists on .NET platforms, although I have never done .NET work



    The choice of payment gateway is not currently nor was it ever up to me.  I can only work with the choice my "client" has made, no matter how much I like or dislike it.

    That said, the payment gateway I'm using does offer an API to their services.  Every bit of payment processing could be done behind the scenes of any type of application I can think of.

    The reason we're not using that is because the people I'm working with were very irresponsible with credit card data in the past, and so their higher ups have told them that they can't even touch sensitive credit card data.  Sending the credit card number, no matter how encrypted, via SOAP or whatever, would get them a big slap on the wrist due to their previous incompetence.  What they can do is have a reputable third party collect the necessary sensitive info, process that info, and then send us back the results which contain only the information we need to reconcile payments made through the third party with our data.  Hence my need to redirect the users to the third party's site from our own.

    Anonymous:
    If you are cheap or too stupid to use either method, you could just use hidden input fields and submit the form to the payment gateway for processing (basically show them their order total and have the details they entered in hidden inputs) and submit to the site, and have a page that captures the post back.

    Either way, I don't see the reason for the suggestions of silliness with javascript you "experts" have made. :D


    That's essentially what I have been doing and what the " "experts" " here have suggested, as far as I can tell.
  • (cs) in reply to Mung Kee
    Mung Kee:
    MartinL:
    Jeff S:

    ASP.NET doesn't use scripting languages.  The entire .NET framework library and any language available to it (strongly typed and fully compiled) is at your disposal.

    Well, anything that is meant to be executed client-side must be in a scripting language. Just because the server uses .NET, that does not mean every browser does.

    So yes, you do use scripting languages in .NET web applications.



    Anything executed client-side has very little to do with .NET.

    Be careful about making statements like that... Atlas is a huge part of ASP.NET 2.0. 

  • (cs) in reply to Not Registered
    Not Registered:
    Mung Kee:
    MartinL:
    Jeff S:

    ASP.NET doesn't use scripting languages.  The entire .NET framework library and any language available to it (strongly typed and fully compiled) is at your disposal.

    Well, anything that is meant to be executed client-side must be in a scripting language. Just because the server uses .NET, that does not mean every browser does.

    So yes, you do use scripting languages in .NET web applications.



    Anything executed client-side has very little to do with .NET.

    Be careful about making statements like that... Atlas is a huge part of ASP.NET 2.0. 


    That's rediculous.  It's JavaScript on the client interacting with ASP.NET components on the server.  Fundamentally, it's like every other HTTP request.  There may be client libraries that interact with ASP.NET components, but that doesn't make those client libraries ASP.NET.  You may as well say Google.com is ASP.NET because it has links to ASP.NET pages on it.  I reiterate, anything executed client-side has very little to do with .NET.
  • (cs) in reply to Mung Kee

    The underlying language is irrelevant... it is a .NET specific technology.   You should call Bill Gates and tell him his PDC keynote speach was incorrect.  While I'm googling ASP.NET why don't you google this...

    PDC Session PRS 312 "ASP.NET: Future Directions Developing Rich Applications with "Atlas" "

    The .NET framework isn't written in C#, does that mean the .NET Framework isn't part of .NET? ...  Atlas is a .NET specific technology written in JavaScipt... 

  • (cs) in reply to Not Registered
    Not Registered:

    The underlying language is irrelevant... it is a .NET specific technology.   You should call Bill Gates and tell him his PDC keynote speach was incorrect.  While I'm googling ASP.NET why don't you google this...

    PDC Session PRS 312 "ASP.NET: Future Directions Developing Rich Applications with "Atlas" "

    The .NET framework isn't written in C#, does that mean the .NET Framework isn't part of .NET? ...  Atlas is a .NET specific technology written in JavaScipt... 



    While true that it may be a .NET technology, it doesn't run on the .NET platform.  It runs on the client.
  • (cs) in reply to Mung Kee
    Mung Kee:
    Not Registered:

    The underlying language is irrelevant... it is a .NET specific technology.   You should call Bill Gates and tell him his PDC keynote speach was incorrect.  While I'm googling ASP.NET why don't you google this...

    PDC Session PRS 312 "ASP.NET: Future Directions Developing Rich Applications with "Atlas" "

    The .NET framework isn't written in C#, does that mean the .NET Framework isn't part of .NET? ...  Atlas is a .NET specific technology written in JavaScipt... 



    While true that it may be a .NET technology, it doesn't run on the .NET platform.  It runs on the client.

    Everything in .NET, at some level, runs in a non-managed environment.  We can't run Winforms without the comctl32.dll , we wouldn't have .NET Printing without the microsoft postscript printer, and remoting would be useless without non-managed transportation protocols.  So getting back to your original statement that started this conversation:

             Anything executed client-side has very little to do with .NET.

    Isn't correct.  MS long term strategy is to blur the lines between browsers and windows.  MS can't rewrite the internet. Therefore many of the new .NET technolgies will be based on non-managed WC3 technologies and run in non-managed environments. 

  • (cs) in reply to Not Registered
    Not Registered:
    Mung Kee:
    Not Registered:

    The underlying language is irrelevant... it is a .NET specific technology.   You should call Bill Gates and tell him his PDC keynote speach was incorrect.  While I'm googling ASP.NET why don't you google this...

    PDC Session PRS 312 "ASP.NET: Future Directions Developing Rich Applications with "Atlas" "

    The .NET framework isn't written in C#, does that mean the .NET Framework isn't part of .NET? ...  Atlas is a .NET specific technology written in JavaScipt... 



    While true that it may be a .NET technology, it doesn't run on the .NET platform.  It runs on the client.

    Everything in .NET, at some level, runs in a non-managed environment.  We can't run Winforms without the comctl32.dll , we wouldn't have .NET Printing without the microsoft postscript printer, and remoting would be useless without non-managed transportation protocols.  So getting back to your original statement that started this conversation:

             Anything executed client-side has very little to do with .NET.

    Isn't correct.  MS long term strategy is to blur the lines between browsers and windows.  MS can't rewrite the internet. Therefore many of the new .NET technolgies will be based on non-managed WC3 technologies and run in non-managed environments. 



    Oh, come on. Atlas is conceptually identical to Sarissa -- it is not .NET specific. It may blend well with the .NET concept of XML request/response and HTTP transport, but in essence it's nothing more than a wrapper for cross-browser XMLHttpRequest (and a workaround for a lack of support for getElementsByTagNameNS()). Can you do neat things with it? Sure -- but you can do exactly the same neat things without it. Atlas is a developer's productivity tool that does not change the game in any way, except to isolate the developer from some of the nastier bits of cross-browser coding (there are still some issues, even with the W3C DOM in place).
  • (cs) in reply to MechCow

    C'mon now, the difference between a scripting language is generally considered to be the presence or lack of compilation. Scripts are compiled at execution and sometimes even during execution, then thrown away. Usually the scripts themselves are just simple or complex one-offs. Programs are compiled once (well, whenever they change) and that code reused.

    Some languages blur this: PHP can generally be compiled, optimized, and cached now; ASP was moving in this direction before ASP.Net made it moot. .Net includes far more dynamic execution possibilities than C++/Java, and vb.net and js.net still often default to variant types to support loose typing. But most people still build crappy underengineered stuff with PHP and vbscript/js/asp.net, major applications in C#/Delphi.Net, and application-lites with vb, so their monikers aren't entirely useless.

    Eventually some firmer definition will have to come out, but it's pointless arguing about it when no one bothers to define what makes something a scripting language.

  • (cs) in reply to Not Registered
    Not Registered:

    The underlying language is irrelevant... it is a .NET specific technology.   You should call Bill Gates and tell him his PDC keynote speach was incorrect.  While I'm googling ASP.NET why don't you google this...

    PDC Session PRS 312 "ASP.NET: Future Directions Developing Rich Applications with "Atlas" "

    The .NET framework isn't written in C#, does that mean the .NET Framework isn't part of .NET? ...  Atlas is a .NET specific technology written in JavaScipt... 



    Well, put the blame on MS: When they say .NET, they mean different things. One is the java-like thingy, including C#, IL and the CLR; the other means a general, rather blurry "big picture" which at some time included Hailstorm, Passport and-what-not. You see the same distinction in the dotGNU-Project: There is portable.net, which is implementing the C#, IL, CLR thingy; and there is the more general (rather blurry;-) dotGNU project which portable.net is part of.
  • php programmer (unregistered)

    Here is what worries me in this WTF.  Maybe someone else mentioned it but my medication (home sick) is blurring my vision.  The purpose of this request, seems clearly to take into account the data got to the server via HTTP and not HTTPS, and then take the exact data, and push it into a HTTPS request. 

    That is like saying "We got this data sent from the client to the server, but its double secret data so we have to send this data back to the client, then get the client to send it to us in double secret code."

    If you already get the data at the client, and the data is supposed to be encrypted in the first place, that is an error condition period - sending that exact data back to the client so it can then be sent back once again encrypted - I would not only fire any programmer that did this but tatoo "dangerous idiot" to his forehead first. 

    Secondly, I can't think of any reason why you would send secure data over a GET request.  Its already been mentioned GET data stays in the browser's history.  It also (I am pretty sure even for HTTPS, but not 100% sure) that it gets logged in all the log files.  This could then end up with sensitive information sent off to India or what ever nation the contracted fly by night SEO company resides.  I am not sure if the logs are kept seperately for HTTP and HTTPS requests, but you ever have to treat your access logs as sensitive credit card data records the process is broken badly already.

    The biggest problem that I have with this, is its not just a typical "burn CPU" wtf or doing things the really really hard (dumb) way, or introducing bugs.  Its taking a broken system that is leaking sensitive data, and "fixing" it in a way that doesn't remove the leak, just makes it harder to see. 

  • php programmer (unregistered) in reply to php programmer

    Second note (after writing above post):  I realized that even if the HTTPS requests didn't go in the main log files, the HTTP request that that builds the forwarding form will.  So, no matter what, using this script will result in whatever data should be HTTPS encrypted appearing plainly in the logs for anyone in a contracted SEO company to see, or anyone else with access to the logs, and yet use HTTPS to actually process that data, as if it was magically secure on a "best two out of three" approach to security.  Its really quite awful.

  • (cs) in reply to php programmer
    Anonymous:

    Secondly, I can't think of any reason why you would send secure data over a GET request. 


    Irrespective of the browser history, the point of SSL is to stymie packet sniffing, yes? Hence the need for secure GET requests also. The only way somebody could get to my browser history would be to break into my house and steal the computer.

  • (cs) in reply to James
    Anonymous:
    Get a real payment gateway that provides an API to their services, I use authorize.net and it is the one I prefer, but I have also used PayPal's Web Payments Pro (even they provide a logical way to interfece with them).


    Interfece: The process of throwing shit at each other [;)]

  • php programmer (unregistered) in reply to Quinnum
    Quinnum:
    Anonymous:

    Secondly, I can't think of any reason why you would send secure data over a GET request. 


    Irrespective of the browser history, the point of SSL is to stymie packet sniffing, yes? Hence the need for secure GET requests also. The only way somebody could get to my browser history would be to break into my house and steal the computer.



    I am pretty sure even the SSL requests get logged in a log file.  The IP, basic browser info, and the URL, including the GET variables, would reside in the server long after the session was concluded.

    I will say that there is a good reason to use GET requests via SSL, because you often want the data being sent back to the browser to be secure, such as for banking records, and sending data such as the page number in the GET data is no biggy.  Thats assuming you already logged in via a secure POST request, and your session is being maintained. 

    By "secure data" I meant "sensitive data", I should have been more clear.  In the WTF cited, whats really noteworthy is that it does it gets all the data via an insecure route, then sends it back insecurely to get it resent securely, even though it already got it all and the damage was already done.
  • (cs) in reply to php programmer
    Anonymous:
    Second note (after writing above post):  I realized that even if the HTTPS requests didn't go in the main log files, the HTTP request that that builds the forwarding form will.  So, no matter what, using this script will result in whatever data should be HTTPS encrypted appearing plainly in the logs for anyone in a contracted SEO company to see, or anyone else with access to the logs, and yet use HTTPS to actually process that data, as if it was magically secure on a "best two out of three" approach to security.  Its really quite awful.

    My hope was that this page wasn't sending over any useful information, that it was just switching over to https and sending "action=cartupdate&sort=price" or something like that.

    If it's collecting and sending over passwords, card info, or anything like that... be very scared.
  • Anonymous (unregistered) in reply to Manni

    Or better yet, on the top of the processing page, print "Please wait..." and dump the existing buffer to the client before starting the real processing.

  • rhino-x (unregistered) in reply to brazzy

    No touch deployment is more or less the .NET equivalent of Java Web Start. And let me tell you, I would take JWS any day of the week. You cannot use no-touch in many normal, acceptable situations for various reasons, including, but not limited to the fact that the app runs as ieexec and not your user. This includes using OLE, which in Windows is something you really shouldn't take away if you plan on doing anything useful.

  • anonymous (unregistered)

    Well, if you say bad things about a programming language per se, you well earn the heat!

    After reading too many WTFs, you really should know that it is the programmer who writes bad code, not the language.


  • (cs) in reply to Quinnum

    Quinnum:
    Anonymous:
    Get a real payment gateway that provides an API to their services, I use authorize.net and it is the one I prefer, but I have also used PayPal's Web Payments Pro (even they provide a logical way to interfece with them).


    Interfece: The process of throwing shit at each other [;)]

    [:D] Beautiful, man... Just beautiful.

    Come to think of it, quite a lot of API's I've used over the years have have multiple interfeces in them...

     

  • Sammy (unregistered) in reply to Mung Kee

    Mung Kee:
    Gene Wirchenko:
    Mung Kee:
    We have one of these.  We need to post user data to a third party, who provides a redirect on their system, to the remainder of their application.  As a result, there is no need for a UI on our end.  Sadly, someone decided to implement a hidden form just like this using Java, rather than simply programatically posting to the third party.

    For all you Java/VB/Perl/PHP/C/C++/C# bashers, WTFs know no language.


    Not true at all.  WTFs know every language, catch every language with its pants down, and collect blackmail evidence (for the bashers among others).

    Sincerely,

    Gene Wirchenko



    WTFs know no language, meaning they're pervasive.  I know it's a leap but that's my feeble attempt at philosophy. 

    Allow me to suggest the alternate construction, "WTFs are platform agnostic." 

  • Wing (unregistered)

    Firstly, I'm a Struts Programmer by choice. I can use PHP and will continue to do small projects which don't need scalability,  etc, through PHP.

    Anyone who uses a massive J2EE app to have a blog, personal website or in fact, for that matter, anyone who regurgitates this kind of bile on top of anyone who uses PHP for those tasks, is overly compensating for something. It seems to me that anyone who puts a programing language down without giving a scope for it (like the original poster did) seems to have missed that PHP was designed for such "hobbyists"

    Heavens forbid that people wanting to program "real web applications" (such as PHPBB) can't afford their own server.

    You covered yourself nicely with the "heck, I'll even get some flak" nonsense. You deserve flak. For being so pompous as to announce the "literal objective" truth that only amateurs use PHP.

    PHP is not as elegant, as powerful or as properly OO as Struts, but fuck it. I don't want all that power at times. I just want a quick and dirty approach. And PHP is perfect for that.

    ASP is fairly crap, platform dependant and server-dependant. So, please, if you're going to compare like with like, do so properly

  • qiguai (unregistered) in reply to foxyshadis
    foxyshadis:
    C'mon now, the difference between a scripting language is generally considered to be the presence or lack of compilation. Scripts are compiled at execution and sometimes even during execution, then thrown away. Usually the scripts themselves are just simple or complex one-offs. Programs are compiled once (well, whenever they change) and that code reused.


    The presence of a native compiler is a characteristic of an implementation, not a language. C is not a compiled _language_- there are C interpreters. There are quite a few languages that have both interpreted and compiled implementations. Some implementations contain both interpreters and compilers. I can think of more than one language implementation with an interpreter, byte-code compilation, and native compilation. Then there are just in time compilers.

    foxyshadis:

    Some languages blur this: PHP can generally be compiled, optimized, and cached now; ASP was moving in this direction before ASP.Net made it moot. .Net includes far more dynamic execution possibilities than C++/Java, and vb.net and js.net still often default to variant types to support loose typing. But most people still build crappy underengineered stuff with PHP and vbscript/js/asp.net, major applications in C#/Delphi.Net, and application-lites with vb, so their monikers aren't entirely useless.

    Eventually some firmer definition will have to come out, but it's pointless arguing about it when no one bothers to define what makes something a scripting language.


    No firmer definition is possible, at least on implementation-specific grounds. So-called scripting languages are so called because of the uses that they are put to, because of the environment that they are used in, and because of the people that usually put them to those uses. These distinctions are largely social, and thus ambiguous and subject to rapid change. One man's scripting language is another's non-scripting language.
  • gary burden (unregistered) in reply to James

    you took money from my account i would like it put back in my bank,i tlod you i dindt have the money to pay for your line of crdit you offerd,so put my money back to my account and cancel this membership

    thank you

    gary burden

  • Steve (unregistered)

    You gave me a giggle when you said ASP.NET and J2EE were "Compiled" they're run in an interpreter, y'know. Just because they include a fake compiler to keep you guessing and validate the syntax doesn't make them better.

  • Dena (unregistered)

    โปรโมชั่น เกมสล็อตxo ต่างๆมากมาย ให้กับสมาชิกทุกท่าน มาพร้อมโหมด SLOT XO DEMO ที่เปิดให้บริการตลอด 24 ชม.

    xoslot

  • Ethan (unregistered)
    Comment held for moderation.
  • Hans (unregistered)

    pg slot เว็บตรง พวกเรา คือ เว็บหลักสล็อต ที่เปิดให้บริการ SLOT PG เป็น เว็บตรงสล็อต PG แหล่งรวมเกม SLOTPG มากกว่า 200 เกม เว็บพนันสล็อต ยอดนิยมอันดับ 1 ฝากเงิน ผ่าน ระบบ ออโต้ ช่วยให้ การฝากเงิน - ถอนเงิน ของท่าน ปลอดภัย รวดเร็วทันใจ ภายใน 1 นาที ร่วมสนุกกับ PGSLOT ได้อย่างไร้ขีดจำกัด สมัคร สล็อตพีจีเว็บตรง ตอนนี้ รับโปรโมชั่น SlotPg ต่างๆมากมาย มีโหมดทดลองเล่น PGSLOT ให้ทุกท่าน ได้ทดลองเล่น PG SLOT ก่อนวางเดิมพันด้วยเงินจริง เครดิตฟรี 10,000 บาท เปิดให้บริการ SlotPg บน สล็อตเว็บตรงPG ตลอด 24 ชม. ร่วมสัมผัสประสบการณ์ใหม่กับ PGSLOT ที่ เว็บสล็อตออนไลน์ กับทางทีมงาน เว็บตรงพีจีสล็อต ได้อย่างไร้ขีดจำกัด

  • Alphonso (unregistered)
    Comment held for moderation.
  • Hellen (unregistered)
    Comment held for moderation.
  • Zora (unregistered)
    Comment held for moderation.
  • Bebe (unregistered)

    ไม่ผ่านเอเย่นต์ เราคือ เว็บสล็อตออนไลน์ JOKER ที่เปิดให้บริการ เกมสล็อตโจ๊กเกอร์ มากกว่า 500 เกม 500 รูปแบบ เว็บเกมสล็อต JOKER ของเรา มีสมาชิก มากกว่า 5 หมื่นคน สามารถร่วมสนุกและทำกำไรจาก โจ๊กเกอร์เกม ได้อย่างไร้กังวล JOKER123 มาพร้อมโหมด ทดลองเล่นสล็อต JOKER สล็อตเครดิตฟรี 10,000 บาท มีสูตรเล่นสล็อต JOKER ฟรี และโปรโมชั่นอีกเพียบ เปิดให้บริการ ทางเข้า JOKER SLOT ตลอด 24 ชม. สามารถร่วมสนุกกับ jokerslot ได้อย่างไร้ขีดจำกัด สมัครสมาชิกใหม่ โจ๊กเกอร์เกม ตอนนี้ ฝาก10รับ100ล่าสุด และโปรโมชั่นอีกมากมาย ได้ที่ สล็อตเว็บใหญ่ JOKER ตลอด 24 ชม.

  • Sam (unregistered)
    Comment held for moderation.
  • Charmain (unregistered)
    Comment held for moderation.

Leave a comment on “Directing a Redirect”

Log In or post as a guest

Replying to comment #:

« Return to Article