Re: Reminder for beta testers

This WebDNA talk-list message is from 2000. It keeps the original formatting.
>Please, Please, Please just fix the global tags and leave the hierarchy the
>way it is.

Naturally I'd like to figure out a way to keep the functionality you're asking for and also maintain some kind of security. It concerns me and lots of webmasters that any hacker can essentially change your internal text variables by simply putting a new field into the URL.

It is a basic tenet of security that one doesn't depend only on ignorance to maintain security. It should be possible to write secure code even if the hacker knows all your source code. So, for instance, if you set some text variable like [text]IsValidAccount=F[/text] to indicate a bad account number, and a hacker puts &IsValidAccount=T into the URL, that's not a good thing if the form variable overrides the internal value.

So let's try to think in a more general and abstract way about how we can achieve the same effect that you're getting now. Perhaps some kind of [PresetFormVariables] context, or something like that?

Grant Hulbert, Director of Engineering
**********************************
Smith Micro, Internet Solutions Div | eCommerce (WebCatalog)
16855 West Bernardo Drive, #380     | -------------------------
San Diego, CA 92127                 | Software & Site Development
Main Line: (858) 675-1106           | http://www.smithmicro.com
Fax: (858) 675-0372
**********************************

Associated Messages, from the most recent to the oldest:

    
  1. Re: Reminder for beta testers (Grant Hulbert 2000)
  2. Re: Reminder for beta testers (Mike Davis 2000)
  3. Re: Reminder for beta testers (Grant Hulbert 2000)
  4. Re: Reminder for beta testers (John Butler 2000)
  5. Re: Reminder for beta testers (Jym Duane 2000)
  6. Re: Reminder for beta testers (Kenneth Grome 2000)
  7. Re: Reminder for beta testers (Thomas Wedderburn-Bisshop 2000)
  8. Re: Reminder for beta testers (Grant Hulbert 2000)
  9. Re: Reminder for beta testers (John Butler 2000)
  10. Re: Reminder for beta testers (Bob Minor 2000)
  11. Reminder for beta testers (Grant Hulbert 2000)
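
The override described in the message above, modelled in Python as an added example (not code from the original message and not WebDNA's own implementation). The lookup functions, the `preset` allow-list standing in for the proposed [PresetFormVariables] idea, and the case-insensitive name matching are all assumptions made for illustration.

```python
from urllib.parse import parse_qs

def lower_keys(d: dict) -> dict:
    """Normalise variable names (assumption: names are matched case-insensitively)."""
    return {k.lower(): v for k, v in d.items()}

def parse_form(query: str) -> dict:
    """Flatten a URL query string; the last value of a repeated field wins."""
    return lower_keys({k: v[-1] for k, v in
                       parse_qs(query, keep_blank_values=True).items()})

def resolve_overridable(name: str, text_vars: dict, form: dict):
    """Lookup order the message warns about: a form field shadows the page's value."""
    key = name.lower()
    return form[key] if key in form else lower_keys(text_vars).get(key)

def resolve_guarded(name: str, text_vars: dict, form: dict, preset=frozenset()):
    """Page-set values always win; a form field is read only for names the page
    explicitly lists in `preset` (hypothetical opt-in list)."""
    key = name.lower()
    internal = lower_keys(text_vars)
    if key in internal:
        return internal[key]
    return form.get(key) if key in preset else None

def shadow_attempts(text_vars: dict, form: dict) -> list:
    """Request fields whose names collide with internal variables (worth logging)."""
    return sorted(set(lower_keys(text_vars)) & set(form))

# Constructed sample: the page has already decided the account is bad ...
TEXT_VARS = {"IsValidAccount": "F"}
# ... and the request carries the field from the message plus an ordinary one.
QUERY = "sku=1234&IsValidAccount=T"
FORM = parse_form(QUERY)
PRESET = frozenset({"sku"})  # only this name may be supplied by the client

if __name__ == "__main__":
    print("overridable:", resolve_overridable("IsValidAccount", TEXT_VARS, FORM))
    print("guarded:    ", resolve_guarded("IsValidAccount", TEXT_VARS, FORM, PRESET))
    print("guarded sku:", resolve_guarded("sku", TEXT_VARS, FORM, PRESET))
    print("collisions: ", shadow_attempts(TEXT_VARS, FORM))
```
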
