[WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from

2008


It keeps the original formatting.
numero = 101259
interpreted = N
texte = > sometimes a second decrypt and/or unurl=20 > is needed.=20 A different number of decrypts and encrypts never works, you=20 must always use the same number of these contexts. A=20 different number of urls and unurls is definitely necessary=20 sometimes: > Syntax reminder on variable (straight), and database > encryption: > Straight encryption: same amount of [url]'s going in as > comming out=20 > Database encryption: one more [url] going in=20 > than comming out Right, thanks for the reminder. =20 With the cookies I first tried the same number of urls and=20 unurls but it was failing, so then I tried using one more=20 url going in -- because I thought that *maybe* using=20 cookies is similar to using a database. But this theory=20 was wrong because an extra url with cookies does not fix=20 the problem like it does with a database. > Could you please tell us what server you're using? My client's Windows server running WebDNA 6.? > I have found the same thing as Ken has, and that it=20 > is on our list of potential bugs that we are addressing. =A0 > The scope appears to be only in cookie and orderfile=20 > interaction so far. =20 Orderfile too? =20 Thanks Donovan, that's two scopes we should avoid when using=20 the standard WebDNA encryption. Too bad though, since I=20 want to use encrypted cookies for security reasons. =20 PROBABLE CONCLUSION: Although Base64 is an encoding method (not an encryption=20 method) it is the ONLY method that actually works when=20 trying to obfuscate cookie values. Base64 is certainly not secure like an encrypted value might=20 be, but it is better than nothing I guess. I tested all=20 methods using cookies with the following results: standard webdna encryption --> fails 1/4 of the time method=3DCyberCash --> cannot be decrypted method=3DAPOP --> cannot be decrypted method=3DBase64 --> 100% reliable in dozens of tests Sincerely, Ken Grome Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  45. [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
> sometimes a second decrypt and/or unurl=20 > is needed.=20 A different number of decrypts and encrypts never works, you=20 must always use the same number of these contexts. A=20 different number of urls and unurls is definitely necessary=20 sometimes: > Syntax reminder on variable (straight), and database > encryption: > Straight encryption: same amount of [url]'s going in as > comming out=20 > Database encryption: one more [url] going in=20 > than comming out Right, thanks for the reminder. =20 With the cookies I first tried the same number of urls and=20 unurls but it was failing, so then I tried using one more=20 url going in -- because I thought that *maybe* using=20 cookies is similar to using a database. But this theory=20 was wrong because an extra url with cookies does not fix=20 the problem like it does with a database. > Could you please tell us what server you're using? My client's Windows server running WebDNA 6.? > I have found the same thing as Ken has, and that it=20 > is on our list of potential bugs that we are addressing. =A0 > The scope appears to be only in cookie and orderfile=20 > interaction so far. =20 Orderfile too? =20 Thanks Donovan, that's two scopes we should avoid when using=20 the standard WebDNA encryption. Too bad though, since I=20 want to use encrypted cookies for security reasons. =20 PROBABLE CONCLUSION: Although Base64 is an encoding method (not an encryption=20 method) it is the ONLY method that actually works when=20 trying to obfuscate cookie values. Base64 is certainly not secure like an encrypted value might=20 be, but it is better than nothing I guess. I tested all=20 methods using cookies with the following results: standard webdna encryption --> fails 1/4 of the time method=3DCyberCash --> cannot be decrypted method=3DAPOP --> cannot be decrypted method=3DBase64 --> 100% reliable in dozens of tests Sincerely, Ken Grome Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[newcart] (1998) Uh...can someone help me out with the b10? (1997) WebStar Secure on other machine (1997) autocommit problem (1998) Online reference (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) Limiting user access to .tmpl files (1997) Search with Special Chars (1997) Platform Switch (1997) [Summary] re: Emailer setup (1997) SSL (1998) Replace and Date (2002) WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997) RE: E-mailer error codes (1997) Add to Cart & List of Products (1997) test (2004) WCS Newbie question (1997) PIXO support (1997) Automatic POST arg sending? (1998) Shopping Cart Limits? (1998)