[WebDNA] Encode cookies ONLY via "method=Base64"
This WebDNA talk-list message is from 2008
It keeps the original formatting.
> sometimes a second decrypt and/or unurl
> is needed.

A different number of decrypts and encrypts never works, you must always use the same number of these contexts. A different number of urls and unurls is definitely necessary sometimes:

> Syntax reminder on variable (straight), and database
> encryption:
> Straight encryption: same amount of [url]'s going in as
> coming out
> Database encryption: one more [url] going in
> than coming out

Right, thanks for the reminder.

With the cookies I first tried the same number of urls and unurls but it was failing, so then I tried using one more url going in -- because I thought that *maybe* using cookies is similar to using a database. But this theory was wrong because an extra url with cookies does not fix the problem like it does with a database.

> Could you please tell us what server you're using?

My client's Windows server running WebDNA 6.?

> I have found the same thing as Ken has, and that it
> is on our list of potential bugs that we are addressing.
> The scope appears to be only in cookie and orderfile
> interaction so far.

Orderfile too?

Thanks Donovan, that's two scopes we should avoid when using the standard WebDNA encryption. Too bad though, since I want to use encrypted cookies for security reasons.

PROBABLE CONCLUSION:

Although Base64 is an encoding method (not an encryption method) it is the ONLY method that actually works when trying to obfuscate cookie values.

Base64 is certainly not secure like an encrypted value might be, but it is better than nothing I guess. I tested all methods using cookies with the following results:

standard webdna encryption --> fails 1/4 of the time
method=CyberCash --> cannot be decrypted
method=APOP --> cannot be decrypted
method=Base64 --> 100% reliable in dozens of tests

Sincerely,
Ken Grome
Kenneth Grome
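
As an added example (not part of the original message, and written in Python rather than WebDNA): a Base64 cookie can be read and rewritten by whoever holds it, while an HMAC tag over the same value lets the server reject an altered cookie. The key, the function names and the sample cookie values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a server-side secret that never leaves the server (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def b64_cookie(value: str) -> str:
    """Base64 'obfuscation' as discussed in the thread: reversible by anyone."""
    return base64.urlsafe_b64encode(value.encode()).decode()


def read_b64_cookie(cookie: str) -> str:
    """Decode a Base64 cookie; nothing here can tell whether it was edited."""
    return base64.urlsafe_b64decode(cookie.encode()).decode()


def signed_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Build payload.tag, both URL-safe Base64, so the value needs no URL-encoding."""
    payload = base64.urlsafe_b64encode(value.encode())
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (payload + b"." + base64.urlsafe_b64encode(tag)).decode()


def read_signed_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the value, or None if the cookie is malformed or was altered."""
    try:
        payload, tag_b64 = cookie.encode().split(b".", 1)
        tag = base64.urlsafe_b64decode(tag_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        # Constant-time comparison of the received tag with the recomputed one.
        if not hmac.compare_digest(tag, expected):
            return None
        return base64.urlsafe_b64decode(payload).decode()
    except (ValueError, UnicodeError):
        return None


def swap_payload(cookie: str, new_value: str) -> str:
    """Test helper: simulate a client-side edit that replaces the payload and keeps any tag."""
    _, _, tag = cookie.partition(".")
    return b64_cookie(new_value) + ("." + tag if tag else "")
```

The signed form protects integrity only; the value stays readable, so anything that must remain secret belongs on the server or under authenticated encryption.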