Re: No subject given

This WebDNA talk-list message is from 2000. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Grepping text variable tags (was: Re: No subject given) (John Butler 2000)
  2. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  3. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  4. Re: Grepping text variable tags (was: Re: No subject given) (Chuck Rice 2000)
  5. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  6. Re: Grepping text variable tags (was: Re: No subject given) (Jereme Claussen 2000)
  7. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  8. Grepping text variable tags (was: Re: No subject given) (Rob Marquardt 2000)
  9. Re: No subject given (Jereme Claussen 2000)
  10. Re: No subject given (Kenneth Grome 2000)
  11. Re: No subject given (John Peacock 2000)
  12. Re: No subject given (Jereme Claussen 2000)
  13. Re: No subject given (John Peacock 2000)
  14. Re: No subject given (Kenneth Grome 2000)
  15. No subject given (jpeacock@univpress.com 2000)
Oh my GOD! Ken and I agree about something. Hmmm, I must be thinking about this wrong, or something... 8~}

John Peacock

Kenneth Grome wrote:
>
> >With that in mind, I have to change my mind and go with the [text secure=f]
> >mode. This will require updates to existing template, and may even include
> >massive rewrites. The worst case scenario would have all instances of [text]
> >replaced with [text secure=f], which would then put the onus for the lack of
> >security on the programmer involved.
> >
> >But since the security failure of the present model has now been revealed, this
> >is the only prudent course of action. I don't think that there should be a
> >system option to make the reverse (insecure mode) be the default behavior.
>
> I agree 100%. It only makes sense to change the default to secure,
> given the fact that this really is a security issue in some
> situations, depending upon how certain variables are used. Besides,
> the global changes to any existing site would be minimal in order to
> maintain backward compatibility, requiring no more than three passes
> in bbedit:
>
> 1- change [text] to [text secure=f]
> 2- change [text show=f] to [text show=f&secure=f]
> 3- change [text show=t] to [text show=t&secure=f]
>
> Once these three passes are performed, all our old sites will gain
> the advantage of having the new secure variable hierarchy to work
> with wherever we need it -- without breaking things.
>
> ================================
> Kenneth Grome, WebDNA Consultant
> 808-737-6499 http://webdna.net
> ================================
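The three BBEdit passes listed in the quoted message, done as a single script. This is an added example, not part of the original messages and not WebDNA's own tooling. It goes beyond the three literal replacements: it handles any opening [text ...] tag that has no secure parameter yet, and it records every place where secure=f was inserted so those variables can be reviewed later. The function name add_secure_f and the sample template are constructed for illustration.

```python
import re

# Matches an opening [text] tag with an optional parameter string,
# e.g. [text], [text show=f], [TEXT show=t]. A closing [/text] never matches.
# Assumption: the parameter string contains no nested [tags].
TEXT_TAG = re.compile(r"\[(text)(?:\s+([^\]]*))?\]", re.IGNORECASE)


def add_secure_f(template):
    """Return (rewritten_template, audit); audit lists (line_no, new_tag)."""
    audit = []

    def rewrite(match):
        name = match.group(1)                    # keep the author's casing
        params = (match.group(2) or "").strip()
        # Leave the tag alone if a secure setting was already chosen.
        if re.search(r"(?:^|&)\s*secure\s*=", params, re.IGNORECASE):
            return match.group(0)
        new_params = params + "&secure=f" if params else "secure=f"
        new_tag = "[" + name + " " + new_params + "]"
        line_no = template.count("\n", 0, match.start()) + 1
        audit.append((line_no, new_tag))
        return new_tag

    return TEXT_TAG.sub(rewrite, template), audit


# Constructed sample template (not taken from the thread).
SAMPLE = """[text]admin=F[/text]
[text show=f]discount=0[/text]
[text show=t]greeting=Hello[/text]
[text secure=t]price=10[/text]
"""

if __name__ == "__main__":
    migrated, audit = add_secure_f(SAMPLE)
    print(migrated)
    # Each entry is a variable that still uses the old, non-secure behavior.
    for line_no, tag in audit:
        print("review line %d: %s" % (line_no, tag))
```

Running it a second time on its own output changes nothing, so it is safe to re-run across a site; the audit list is the set of tags to revisit when moving individual variables to the secure behavior.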
