Re: [WebDNA] Security best practice

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 101853
interpreted = N
texte = Wow, that's a great feature. I always felt a little funny having all those cart files w/ cc numbers on hand.Terry>Regarding security, one thing that is new in>CICADA is the ability to encrypt (as an option)>certain sensitive orderfile information.. such>as "accountnum". This is one area that I would>like for people to test, because I have>only had the chance to test it marginally. So>far, my tests are that it works. ;-)>>For example, (only for CICADA owners) activate an>orderfile encryption (in the admin pages) and, on>a template, do a :>>[setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>(remember to have the "ShoppingCarts">directory in the same root as your test template)>>If you look in the orderfile that was created after hitting>that template ("less " in a terminal>window), you will see your encrypted accountnum value.>>Then doing a:>>[orderfile cart=[cart]]>[accountnum]>[/orderfile]>>The encrypted value is magically decrypted and viewable.>>However, I have not, for example, had a chance to test this>under heavy load, or, for example, initiating this>on a server with existing sites that use the orderfile>tags... but, it looks like a nice feature that SMSI created under>the radar so far and it would be really cool if this feature>worked on existing sites that use the orderfile tags.>>I will have time to test this more thoroughly in the future,>but if someone else has the means and time, please report>back your findings!>>Donovan>>>>-->Donovan D. Brooke PH: 1 (608) 770-3822>------------------------------------------------>VP>WebDNA Software Corporation>16192 Coastal Highway>Lewes, DE 19958>--------------------------------------------------------->This message is sent to you because you are subscribed to>the mailing list .>To unsubscribe, E-mail to: >archives: http://mail.webdna.us/list/talk@webdna.us>old archives: http://dev.webdna.us/TalkListArchive/-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightJacket.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure. Associated Messages, from the most recent to the oldest:

Re: [WebDNA] Security best practice (Donovan Brooke 2009) Re: [WebDNA] Security best practice (Terry Wilson 2009) Re: [WebDNA] Security best practice (Clint Davis 2009) Re: [WebDNA] Security best practice (Terry Wilson 2009) Re: [WebDNA] Security best practice (Donovan Brooke 2009) Re: [WebDNA] Security best practice (Donovan Brooke 2009) [WebDNA] Security best practice ("Tom Duke" 2009)

Wow, that's a great feature. I always felt a little funny having all those cart files w/ cc numbers on hand.Terry>Regarding security, one thing that is new in>CICADA is the ability to encrypt (as an option)>certain sensitive orderfile information.. such>as "accountnum". This is one area that I would>like for people to test, because I have>only had the chance to test it marginally. So>far, my tests are that it works. ;-)>>For example, (only for CICADA owners) activate an>orderfile encryption (in the admin pages) and, on>a template, do a :>>[setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>(remember to have the "ShoppingCarts">directory in the same root as your test template)>>If you look in the orderfile that was created after hitting>that template ("less " in a terminal>window), you will see your encrypted accountnum value.>>Then doing a:>>[orderfile cart=[cart]]>[accountnum]>[/orderfile]>>The encrypted value is magically decrypted and viewable.>>However, I have not, for example, had a chance to test this>under heavy load, or, for example, initiating this>on a server with existing sites that use the orderfile>tags... but, it looks like a nice feature that SMSI created under>the radar so far and it would be really cool if this feature>worked on existing sites that use the orderfile tags.>>I will have time to test this more thoroughly in the future,>but if someone else has the means and time, please report>back your findings!>>Donovan>>>>-->Donovan D. Brooke PH: 1 (608) 770-3822>------------------------------------------------>VP>WebDNA Software Corporation>16192 Coastal Highway>Lewes, DE 19958>--------------------------------------------------------->This message is sent to you because you are subscribed to>the mailing list .>To unsubscribe, E-mail to: >archives: http://mail.webdna.us/list/talk@webdna.us>old archives: http://dev.webdna.us/TalkListArchive/-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightJacket.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure. Terry Wilson

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

absolute paths for databases? (1997) [WebDNA] Problem running Webdna (2011) [ShowNext] feature in 2.0 (1997) Parameter vs. Operator (1998) declined orders webmerchant not showing up? (2005) Webstar 1.3.1 PPC (1997) WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) wc 2 pro users - sites, quotes wanted (1997) WebDNA 4.5 on CentOS (2006) Deleting with contexts (2001) [WebDNA] ImageMagick troubleshooting (2009) Sku numbers (1997) FM PRO Compatibility Issue - Single Database w/oConversions (1997) can you reassign loop index? (1998) upgrading (1997) [random] only for 1-100??? (1997) Replace with Producteditor.tpl (2000) Ticket Ordering Question (2003) NewCart+Search with one click ? (1997) RE: [WebDNA] XML Help (2009)