Re: Variable security

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 33448
interpreted = N
texte = This was all covered during beta. Ken screamed that he didn't want to touch a single line of his 3.0 WebDNA, even if it meant that we shipped a product with a security hole. We would have preferred to plug the hole completely, but were talked into a hybrid approach that allows people to continue to write sites that are not secure.Our very clear policy is that we will not knowingly ship a product which has a default behavior that is not secure. By providing the extra parameter as workaround for legacy code, we have also provided for those people who wish to continue writing code in the old way. But it requires a conscious act to make the variables un-secure. This is preferable to forcing all future customers to resort to a conscious act to make their sites *secure*.We came up with a good compromise during beta, and everyone was as happy as is possible in such a situation.Grant Hulbert, Director of Engineering ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development Main Line: (858) 675-1106 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  2. Re: math variable security [MEDIUM LONG] (John Peacock 2000)
  3. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  4. Re: math variable security [VERY LONG] (John Peacock 2000)
  5. Re: Variable security (Kenneth Grome 2000)
  6. Re: Variable security (Bob Minor 2000)
  7. Re: Variable security (Grant Hulbert 2000)
  8. Re: Variable security (Bob Minor 2000)
  9. Re: Variable security (Grant Hulbert 2000)
  10. Variable security (Bob Minor 2000)
  11. Variable security (Bob Minor 2000)
  12. Re: math variable security (Paul Uttermohlen 2000)
  13. Re: math variable security (Bob Minor 2000)
  14. Re: math variable security (WebDNA Support 2000)
  15. Re: math variable security (Bob Minor 2000)
  16. Re: math variable security (WebDNA Support 2000)
  17. math variable security (Bob Minor 2000)
This was all covered during beta. Ken screamed that he didn't want to touch a single line of his 3.0 WebDNA, even if it meant that we shipped a product with a security hole. We would have preferred to plug the hole completely, but were talked into a hybrid approach that allows people to continue to write sites that are not secure.Our very clear policy is that we will not knowingly ship a product which has a default behavior that is not secure. By providing the extra parameter as workaround for legacy code, we have also provided for those people who wish to continue writing code in the old way. But it requires a conscious act to make the variables un-secure. This is preferable to forcing all future customers to resort to a conscious act to make their sites *secure*.We came up with a good compromise during beta, and everyone was as happy as is possible in such a situation.Grant Hulbert, Director of Engineering ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development Main Line: (858) 675-1106 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Grant Hulbert

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Aaron kant add (or whatever it was) (2000) Document Contains No Data! (1997) Just Testing (1997) Searching for ALL / empty form field (1997) the comparison character \ (2000) Works! (1997) Tab Charactor (1997) 403 Forbidden Errors (2003) Sku numbers (1997) Please.. copies of Digest for 7/29 and 7/30? (1997) WebCatalog2 Feature Feedback (1996) Purchased cart being overwritten - still !?? (1997) Email within tmpl ? (1997) Newbie from and old bee (1997) SMSI -- a [notfound] context? (2002) [shownext max (1997) ErrorMessages.db suggestion (1997) Associative lookup style? (1997) RE: New WebCatalog Version !!! (1997) WC2.0 Memory Requirements (1997)