Re: WebCatalog 4.0 has been released!

This WebDNA talk-list message is from 2000. It keeps the original formatting.
numero = 32821
interpreted = N
texte =

I have never used the behavior in question, nor did it occur to me that it was a good idea when it was discussed. Relying on precedence is always a bad idea when programming public executable code, which is why tainting is such an important feature in Perl. It is actually very hard to write Perl code that will execute under -T, because you quickly realize what assumptions you make when you write code.

You and every other developer can make the choice to disable the higher security in the new system. If you personally never distributed any of your code in readable form, there is very little that any cracker could do to fake out your code. But, I will never rely on hidden variables to protect my sites, and I will never be disabling the security.

I also urge everyone to examine their code-base and fix individual [text] vars rather than blindly flipping the flag in case. New sites, written from scratch, will include tags that cannot be interpreted by older WebCat installs (such is the nature of upgrades). Don't cripple your site now, to suit old programming mistakes.

John Peacock

Alex McCombie wrote:
> The good news is that SM heard the cry to include this in the prefs so
> that it could be changed but opted to rely on word of mouth (email) as to how
> to use it. This will likely ensure that there will be NUMEROUS emails on the
> forum regarding it as people work through it.

Associated Messages, from the most recent to the oldest:

    
  1. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  2. Re: WebCatalog 4.0 has been released! (Chris Brandt 2000)
  3. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  4. Re: WebCatalog 4.0 has been released! (Mark Derrick 2000)
  5. Re: WebCatalog 4.0 has been released! (Peter Ostry 2000)
  6. Re: WebCatalog 4.0 has been released! (Alex McCombie 2000)
  7. Re: WebCatalog 4.0 has been released! (Joseph D'Andrea 2000)
  8. Re: WebCatalog 4.0 has been released! (John Peacock 2000)
  9. Re: WebCatalog 4.0 has been released! (Joseph D'Andrea 2000)
  10. Re: WebCatalog 4.0 has been released! (John Butler 2000)
  11. Re: WebCatalog 4.0 has been released! (Alex McCombie 2000)
  12. Re: WebCatalog 4.0 has been released! (John Peacock 2000)
  13. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  14. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  15. Re: WebCatalog 4.0 has been released! (Mark Derrick 2000)
  16. Re: WebCatalog 4.0 has been released! (Paul Uttermohlen 2000)
  17. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  18. Re: WebCatalog 4.0 has been released! (Mark Derrick 2000)
  19. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  20. Re: WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  21. Re: WebCatalog 4.0 has been released! (Mike Heininger 2000)
  22. Re: WebCatalog 4.0 has been released! (Peter Ostry 2000)
  23. Re: WebCatalog 4.0 has been released! (Jesse Proudman 2000)
  24. WebCatalog 4.0 has been released! (Jay Van Vark 2000)
  25. WebCatalog 4.0 has been released! (Jay Van Vark 2000)