[WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from 2008


It keeps the original formatting.
> sometimes a second decrypt and/or unurl
> is needed.

A different number of decrypts and encrypts never works, you must always use the same number of these contexts. A different number of urls and unurls is definitely necessary sometimes:

> Syntax reminder on variable (straight), and database
> encryption:
> Straight encryption: same amount of [url]'s going in as
> coming out
> Database encryption: one more [url] going in
> than coming out

Right, thanks for the reminder.

With the cookies I first tried the same number of urls and unurls but it was failing, so then I tried using one more url going in -- because I thought that *maybe* using cookies is similar to using a database. But this theory was wrong because an extra url with cookies does not fix the problem like it does with a database.

> Could you please tell us what server you're using?

My client's Windows server running WebDNA 6.?

> I have found the same thing as Ken has, and that it
> is on our list of potential bugs that we are addressing.
> The scope appears to be only in cookie and orderfile
> interaction so far.

Orderfile too?

Thanks Donovan, that's two scopes we should avoid when using the standard WebDNA encryption. Too bad though, since I want to use encrypted cookies for security reasons.

PROBABLE CONCLUSION:

Although Base64 is an encoding method (not an encryption method) it is the ONLY method that actually works when trying to obfuscate cookie values.

Base64 is certainly not secure like an encrypted value might be, but it is better than nothing I guess. I tested all methods using cookies with the following results:

standard webdna encryption --> fails 1/4 of the time
method=CyberCash --> cannot be decrypted
method=APOP --> cannot be decrypted
method=Base64 --> 100% reliable in dozens of tests

Sincerely,
Ken Grome

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  45. [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
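The message above notes that Base64 is an encoding, not encryption. The following is an added example, not part of the original thread and written in Python rather than WebDNA, that contrasts a Base64-only cookie with one carrying an HMAC tag so that server-side checks detect an altered value. The function names, the key and the sample cookie value are all constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment keeps this secret on the server.
SECRET_KEY = b"constructed-demo-key"


def b64_cookie(value: str) -> str:
    """Base64 only: reversible by anyone, no key involved."""
    return base64.urlsafe_b64encode(value.encode()).decode()


def read_b64_cookie(cookie: str) -> str:
    return base64.urlsafe_b64decode(cookie.encode()).decode()


def signed_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Base64 payload plus an HMAC-SHA256 tag over that payload."""
    payload = b64_cookie(value)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_signed_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the value, or None if the cookie is malformed or altered."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return read_b64_cookie(payload)


def demo():
    original = "user=ken;role=customer"  # constructed sample value
    plain = b64_cookie(original)
    # Re-encoding a changed value needs no secret, so the server cannot tell.
    altered = b64_cookie(read_b64_cookie(plain).replace("customer", "admin"))
    accepted = read_b64_cookie(altered)
    good = signed_cookie(original)
    # Same altered payload with the old tag attached: verification fails.
    bad = altered + "." + good.rpartition(".")[2]
    return accepted, read_signed_cookie(good), read_signed_cookie(bad)
```

The HMAC tag gives tamper detection only; the value stays readable to the client, so anything that must stay confidential belongs in server-side state or under authenticated encryption.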
