Associated Messages, from the most recent to the oldest:
We have decided to encrypt all credit card data just in case someone is able
to break into our server (nothing is ever 100% secure). Of course, they can
read the templates to get the encryption seed but we'll also encrypt the
templates to prevent this.

I was URLing the encrypted data to avoid interpretation problems with the WC
commands. For example, if the encrypted data had a & code in it, this
would prematurely end the data portion of an assignment operator. I'm not
sure if this could occur, but it seems possible given that the encrypt
command could return any 8-bit value. So I figured that URLing the data
would prevent this from occurring. If I'm wrong, it wouldn't be the first
time.

Pete

----- Original Message -----
From: John Peacock
To: WebCatalog Talk
Sent: Monday, August 14, 2000 12:22 PM
Subject: Re: Encrypt & SetHeader Length Problem

> SMSI will have to explain why the ACCOUNTNUM field takes more bare text
> than it does url'd encrypted text. This does, however, raise the
> question: Why are you encrypting in the first place?
>
> Since the cart file is located on the server and never sent to the
> browser (unless you specify that field for display), and you can add
> anything to the cart header in such a way that it never appears in the
> HTML source, I see no reason to use encrypt at all. I know some people
> have used doubly-url'd and encrypted text for storage in cookies, but
> here there does not seem to be any need for that level of confusion.
>
> John Peacock
>
> Pete Campbell wrote:
> >
> > Thanks John. I didn't know about the field-length limits (not mentioned
> > at all in the SETHEADER section of the docs). Even so, it's not clear
> > that the ACCOUNTNUM field is limited.
> >
> > Your solution about using a HEADERxx field instead of the ACCOUNTNUM
> > field works but it's not clear why. ACCOUNTNUM does not appear to be
> > limited in length. If I set the ACCOUNTNUM header to a simple
> > alphanumeric string (say 7000600050004000300020001000 - 28 chars) it
> > works fine.
> >
> > The problem appears to be related to the URL codes in the string
> > assigned to ACCOUNTNUM. For some reason, ACCOUNTNUM has a limited size
> > if the string is URLed. If I use a string of
> > [url]*@$(*@#)$*@$(*#$(*$(*#&$(*#&$)(*[/url], the decrypted UNURLed
> > ACCOUNTNUM value returned is *@$(*@#)$*@$%, much shorter than the
> > original string. If I use a HEADERxx field, this does not occur.
> >
> > FYI, I've tested this on WC 3.?? and 4.0b1.
> >
> > Pete
> >
> > ----- Original Message -----
> > From: John Peacock
> > To: WebCatalog Talk
> > Sent: Monday, August 14, 2000 10:15 AM
> > Subject: Re: Encrypt & SetHeader Length Problem
> >
> > > Note that the header fields are all fixed length, and not your fields
> > > to play with casually. See the docs for the Purchase command, which
> > > lists most of the field lengths (AccountNum is not one of them, but 14
> > > would cover all credit card lengths).
> > >
> > > If you want to store something longer, use one of Header1-Header40,
> > > and you won't have the length problem.
> > >
> > > HTH
> > >
> > > John Peacock
> > >
> > > Pete Campbell wrote:
> > > >
> > > > I'm trying to encrypt a number and put it into the cart ACCOUNTNUM
> > > > header field. The problem is that only 14 digits of the original
> > > > number/string are available after the DECRYPT. The ACCOUNTNUM field
> > > > is not limited in length because I can set it to a string of any
> > > > length. The problem seems to occur only when I use URLed ENCRYPT
> > > > data. From the code & output below, it looks like the SETHEADER
> > > > context is not storing all of the URL/ENCRYPT data.
> > > >
> > > > I use the [url] context twice to convert the encrypted data to a
> > > > hex-only value (presumably safer for headers & DB data). I also use
> > > > the [url] context inside the SETHEADER context because it seems to
> > > > automatically unURL data. This way I (hopefully) ensure that the
> > > > data stored in the header field is double-URLed.
> > > >
> > > > Thanks in advance for any help / suggestions / workarounds.
> > > >
> > > > Pete
> > > >
> > > > The test code and output is below:
> > > >
> > > > [!]************ WebCat code: ************ [/!]
> > > > [!]This code has a 12-digit input string and works properly.[/!]
> > > >
> > > > [text]encryptednum=[url][encrypt seed=TestTest]300020001000[/encrypt][/url][/text]
> > > > Setting encrypted accountnum to [encryptednum]
> > > > The decrypted value is [unurl][decrypt seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]
> > > > Encrypted accountnum header is [accountnum]
> > > > Decrypted accountnum header is [decrypt seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > >
> > > > ************ Output: ************
> > > >
> > > > Setting encrypted accountnum to 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F
> > > > The decrypted value is 300020001000...
> > > > Encrypted accountnum header is 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F
> > > > Decrypted accountnum header is 300020001000
> > > >
> > > > [!]************ WebCat code: ************ [/!]
> > > > [!]This code has a 16-digit input string and does not work properly.[/!]
> > > >
> > > > [text]encryptednum=[url][encrypt seed=TestTest]4000300020001000[/encrypt][/url][/text]
> > > > Setting encrypted accountnum to [encryptednum]
> > > > The decrypted value is [unurl][decrypt seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]
> > > > Encrypted accountnum header is [accountnum]
> > > > Decrypted accountnum header is [decrypt seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > >
> > > > ************ Output: ************
> > > >
> > > > Setting encrypted accountnum to
> > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6
> > > > The decrypted value is 4000300020001000...
> > > > Encrypted accountnum header is
> > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F
> > > > Decrypted accountnum header is 40003000200010
> > > >
> > > > The decrypted header above is missing the last 2 digits.

-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/
Pete Campbell
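
An added example, not part of the original thread and not WebCatalog code: a Python simulation of the truncation reported above, using the 16-digit test's encoded ciphertext from the post. The 49-character field limit is a hypothetical value chosen only so the simulation reproduces the stored header shown in the post, and all function names are illustrative.

```python
import re
from urllib.parse import quote_from_bytes, unquote_to_bytes

# URL-encoded ciphertext of the 16-digit test, copied from the post above.
ENCODED = "%11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6"
RAW = unquote_to_bytes(ENCODED)  # 24 ciphertext bytes, 56 characters encoded

# Hypothetical limit, picked only so the simulation reproduces the stored
# value shown in the post; the real ACCOUNTNUM limit is not given on the page.
FIELD_LIMIT = 49

def store_fixed(value: str, limit: int = FIELD_LIMIT) -> str:
    """Simulate a fixed-length field that silently drops the overflow."""
    return value[:limit]

def dangling_escape(value: str) -> bool:
    """True if the value ends in a cut-off escape ('%' or '%X')."""
    return re.search(r"%[0-9A-Fa-f]?$", value) is not None

def roundtrip_ok(raw: bytes, stored: str) -> bool:
    """Read-back check: does the stored text decode to the original bytes?"""
    return not dangling_escape(stored) and unquote_to_bytes(stored) == raw

def encode_for_field(raw: bytes, limit: int = FIELD_LIMIT) -> str:
    """Percent-encode, refusing values the field would truncate.

    Worst case is 3 characters per byte, so a field of `limit` characters
    is only guaranteed to hold limit // 3 ciphertext bytes.
    """
    enc = quote_from_bytes(raw, safe="")
    if len(enc) > limit:
        raise ValueError(f"encoded length {len(enc)} exceeds field limit {limit}")
    return enc

if __name__ == "__main__":
    stored = store_fixed(ENCODED)
    print(len(RAW), len(ENCODED), len(unquote_to_bytes(stored)))
    print("round trip ok:", roundtrip_ok(RAW, stored))
    try:
        encode_for_field(RAW)
    except ValueError as exc:
        print("rejected:", exc)
```

Truncated ciphertext still decrypts to a plausible-looking prefix here, so the length check and read-back comparison have to happen at write time; nothing downstream signals that digits were lost.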