Online documentation - Websydian v6.5 |
Introduction Implementing Other Uses Parts Example Background
When an event is activated and thereby an event handler function called, the event handler function checks the digital signature against the expected value. If the hidden fields of the HTML form have been changed intentionally, the field WsyBase<SignatureValid> is set to the value <*No>, and a default message is generated and sent to the user.
To override this default message, insert the action diagram statement;
+++Undefine Field: +ErrorInSignature
in the 0 Signature check failed edit point. This will disable the call to the function and generate an Error Page. Instead, the application developer must insert a call to his own Page Generator function.
For an Event Handler function with digital signing, the signature is received by the Event Handler along with the other fields of the event. However, only the hidden fields of the event are used to generate the Digital Signature.
By default, all the fields of the Hidden variable will be used to sign the event. Individual fields can be deselected from the signature handling by adding the fields to the ExcludeFromSign variable. The field Signature is already located in this variable, since the field WebInput<Signature> is used to store the generated signature sent with the event.
Note that the fields in the Hidden and ExcludeFromSign variables are not used to store any values at run-time. These variables are used to specify information about the fields in the WebInput variable and they are used only at generation time to generate application specific code.
The calculation of the Digital Signature code is performed by the SignFields function. If another calculation algorithm is needed, this function must be replaced by your own calculation algorithm for all Event Handlers and Page Generators that use the Digital Signature functionality.