Re: [WebDNA] Security best practice
This WebDNA talk-list message is from 2009
Wow, that's a great feature. I always felt a little funny having all those cart files w/ cc numbers on hand.

Terry

>Regarding security, one thing that is new in
>CICADA is the ability to encrypt (as an option)
>certain sensitive orderfile information.. such
>as "accountnum". This is one area that I would
>like for people to test, because I have
>only had the chance to test it marginally. So
>far, my tests are that it works. ;-)
>
>For example, (only for CICADA owners) activate an
>orderfile encryption (in the admin pages) and, on
>a template, do a :
>
>[setheader cart=[cart]]accountnum=4111111111111111[/setheader]
>
>(remember to have the "ShoppingCarts"
>directory in the same root as your test template)
>
>If you look in the orderfile that was created after hitting
>that template ("less " in a terminal
>window), you will see your encrypted accountnum value.
>
>Then doing a:
>
>[orderfile cart=[cart]]
>[accountnum]
>[/orderfile]
>
>The encrypted value is magically decrypted and viewable.
>
>However, I have not, for example, had a chance to test this
>under heavy load, or, for example, initiating this
>on a server with existing sites that use the orderfile
>tags... but, it looks like a nice feature that SMSI created under
>the radar so far and it would be really cool if this feature
>worked on existing sites that use the orderfile tags.
>
>I will have time to test this more thoroughly in the future,
>but if someone else has the means and time, please report
>back your findings!
>
>Donovan
>
>
>
>--
>Donovan D. Brooke PH: 1 (608) 770-3822
>------------------------------------------------
>VP
>WebDNA Software Corporation
>16192 Coastal Highway
>Lewes, DE 19958
>---------------------------------------------------------
>This message is sent to you because you are subscribed to
>the mailing list .
>To unsubscribe, E-mail to:
>archives: http://mail.webdna.us/list/talk@webdna.us
>old archives: http://dev.webdna.us/TalkListArchive/

--
Terry Wilson | terry@terryfic.com | http://terryfic.com
http://WhosComing.com - a simplified, affordable online reservation system
http://TightJacket.com -- stylish protection for your laptop
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.
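A file-side check for the test described in the quoted message, added here as an example and not code from the thread or from WebDNA: scan the "ShoppingCarts" directory for Luhn-valid card numbers still stored in plaintext. The orderfile layout, file names and the "encrypted" value below are constructed assumptions; the scan itself does not depend on the orderfile format.

```python
import re
import tempfile
from pathlib import Path

# Runs of 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit, counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_plaintext_pans(text: str) -> list[str]:
    """Return masked forms of Luhn-valid card-number candidates in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            # Mask the middle so the report does not itself leak the number.
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def scan_cart_dir(cart_dir: Path) -> dict[str, list[str]]:
    """Map each file name under cart_dir to the masked PANs found in it."""
    report = {}
    for path in sorted(cart_dir.iterdir()):
        if path.is_file():
            hits = find_plaintext_pans(path.read_text(errors="replace"))
            if hits:
                report[path.name] = hits
    return report


def demo() -> dict[str, list[str]]:
    # Constructed sample orderfiles: one plaintext, one with a made-up ciphertext.
    with tempfile.TemporaryDirectory() as tmp:
        carts = Path(tmp) / "ShoppingCarts"
        carts.mkdir()
        (carts / "cart_plain").write_text("accountnum\t4111111111111111\n")
        (carts / "cart_encrypted").write_text("accountnum\t9F3A7C21E0B4D85566A1\n")
        return scan_cart_dir(carts)
```

An empty result from `scan_cart_dir` on a real cart directory is consistent with encryption being applied to every orderfile; any entry names a file to inspect.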