Re: Security & Query Strings

This WebDNA talk-list message is from 2004. It keeps the original formatting.
numero = 55859
interpreted = N
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Security Problem (Tom Duke 2015)
  2. Re: [WebDNA] Security Problem (Stuart Tremain 2015)
  3. [WebDNA] Security Problem (Stuart Tremain 2015)
  4. [WebDNA] security patches (Olin Lagon 2014)
  5. RE: [WebDNA] Security Groups ("Michael A. DeLorenzo" 2010)
  6. Re: [WebDNA] Security Groups (Govinda 2010)
  7. [WebDNA] Security Groups ("Michael A. DeLorenzo" 2010)
  8. Re: [WebDNA] Security best practice (Donovan Brooke 2009)
  9. Re: [WebDNA] Security best practice (Terry Wilson 2009)
  10. Re: [WebDNA] Security best practice (Clint Davis 2009)
  11. Re: [WebDNA] Security best practice (Terry Wilson 2009)
  12. Re: [WebDNA] Security best practice (Donovan Brooke 2009)
  13. Re: [WebDNA] Security best practice (Donovan Brooke 2009)
  14. [WebDNA] Security best practice ("Tom Duke" 2009)
  15. [BULK] Re: [WebDNA] Security Images (Captcha) ("Psi Prime, Matthew A Perosi " 2008)
  16. Re: [WebDNA] Security Images (Captcha) ( 2008)
  17. Re: [WebDNA] Security Images (Captcha) ("Psi Prime, Matthew A Perosi " 2008)
  18. RE: [WebDNA] Security Images (Captcha) ("Olin Lagon" 2008)
  19. [WebDNA] Security Images (Captcha) ( 2008)
  20. Just checking security updates ( Steve Craig 2005)
  21. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  22. Re: [OT] SSL security in browser ( "Will Starck" 2005)
  23. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  24. Re: [OT] SSL security in browser ( WJ Starck 2005)
  25. Re: [OT] SSL security in browser ( WJ Starck 2005)
  26. Re: [OT] SSL security in browser ( WJ Starck 2005)
  27. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  28. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  29. Re: [OT] SSL security in browser ( WJ Starck 2005)
  30. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  31. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  32. Re: [OT] SSL security in browser ( "WebDNA Talk-List Admin" 2005)
  33. Re: [OT] SSL security in browser ( Stuart Tremain 2005)
  34. [OT] SSL security in browser ( WJ Starck 2005)
  35. Re: [OT] Security in general [Was] Re: WebDNA security ( Matthew A Perosi 2004)
  36. Re: [OT] Security in general [Was] Re: WebDNA security ( "WebDna @ Inkblot Media" 2004)
  37. [OT] Security in general [Was] Re: WebDNA security ( Alan White 2004)
  38. Re: Norton Internet Security filtering out WebDNA processsed ( Robert Schmidt 2004)
  39. Re: Norton Internet Security filtering out WebDNA processsed ( Terry Wilson 2004)
  40. Re: Norton Internet Security filtering out WebDNA processsed ( Frank Nordberg 2004)
  41. Re: Norton Internet Security filtering out WebDNA processsed ( "Sal D'Anna" 2004)
  42. Re: Norton Internet Security filtering out WebDNA processsed ( Matthew A Perosi 2004)
  43. Re: Norton Internet Security filtering out WebDNA processsed ( "Sal D'Anna" 2004)
  44. Re: Norton Internet Security filtering out WebDNA processsed ( John Peacock 2004)
  45. Re: Norton Internet Security filtering out WebDNA processsed ( Phil Herring 2004)
  46. Norton Internet Security filtering out WebDNA processsed pages ( Robert Schmidt 2004)
  47. Re: Security stumper [mildly OT] ( Tim Robinson 2004)
  48. Re: Security stumper [mildly OT] ( John Peacock 2004)
  49. Re: Security stumper [mildly OT] ( Matthew A Perosi 2004)
  50. Security stumper [mildly OT] ( Phil Herring 2004)
  51. Re: Security & Query Strings ( Justin Carroll 2004)
  52. Re: Security & Query Strings ( "Matthew C. Bohne" 2004)
  53. Re: Security & Query Strings ( Clint Davis 2004)
  54. Re: Security & Query Strings ( Justin Carroll 2004)
  55. Re: Security & Query Strings ( Joe D'Andrea 2004)
  56. Security & Query Strings ( Justin Carroll 2004)
  57. Re: Database Security Rev., (Kenneth Grome 2002)
  58. Re: Database Security Rev., (Donovan 2002)
  59. Re: Database Security Rev., (Kenneth Grome 2002)
  60. Re: Database Security Rev., (Jay Van Vark 2002)
  61. Re: Database Security Rev., (Donovan 2002)
  62. Re: Database Security Rev., (Stuart Tremain 2002)
  63. Re: Database Security Rev., (Jay Van Vark 2002)
  64. Re: Database Security Rev., (Donovan 2002)
  65. Re: Database Security Rev., (Andrew Simpson 2002)
  66. Re: Database Security Rev., (Donovan 2002)
  67. Re: Database Security Rev., (Jeff Logan 2002)
  68. Database Security Rev., (Donovan 2002)
  69. Re: About the + sign: security alert (Grant Hulbert 2002)
  70. New Security Standard for WebLink and ADC Relay ResponseUsers-FY (Sal D'anna 2002)
  71. Re: Multi-User Security on *nix using mod_rewrite (Alain Russell 2002)
  72. Re: Multi-User Security on *nix using mod_rewrite (Aaron Lynch 2002)
  73. Re: Multi-User Security on *nix using mod_rewrite (Aaron Lynch 2002)
  74. Re: Multi-User Security on *nix using mod_rewrite (Clement Ross 2002)
  75. Re: Multi-User Security on *nix using mod_rewrite (Alain Russell 2002)
  76. Multi-User Security on *nix using mod_rewrite (Michael Davis 2002)
  77. Re: MacOS9 plugin 4.0.2b5 template security error (Dale LaFountain 2000)
  78. Re: MacOS9 plugin 4.0.2b5 template security error (Grant Hulbert 2000)
  79. Re: MacOS9 plugin 4.0.2b5 template security error (Grant Hulbert 2000)
  80. Re: MacOS9 plugin 4.0.2b5 template security error (Dale LaFountain 2000)
  81. Re: MacOS9 plugin 4.0.2b5 template security error (Sam Lewis 2000)
  82. MacOS9 plugin 4.0.2b5 template security error (Dale LaFountain 2000)
  83. Re: [OT] Security Certs (John Peacock 2000)
  84. Re: [OT] Security Certs (Stuart Tremain 2000)
  85. Re: [OT] Security Certs (Stuart Tremain 2000)
  86. Re: [OT] Security Certs (Jesse Proudman (Lists Account) 2000)
  87. [OT] Security Certs (Stuart Tremain 2000)
  88. Re: [OT] Security Certs (Jesse Proudman (Lists Account) 2000)
  89. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  90. Re: math variable security [MEDIUM LONG] (John Peacock 2000)
  91. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  92. Re: math variable security [VERY LONG] (John Peacock 2000)
  93. Re: Browser security type (Robert Wade 2000)
  94. Re: Browser security type (John Peacock 2000)
  95. Re: Browser security type (Robert Wade 2000)
  96. Re: Browser security type (John Peacock 2000)
  97. Browser security type (Robert Wade 2000)
  98. Re: [OT] MS Security Flaw (Brad Eisenberg 2000)
  99. Re: [OT] MS Security Flaw (Nicolas Verhaeghe 2000)
  100. Re: [OT] MS Security Flaw (Kenneth Grome 2000)
  101. Re: [OT] MS Security Flaw (Eric Ridgley 2000)
  102. Re: [OT] MS Security Flaw (Vince Medina 2000)
  103. Re: [OT] MS Security Flaw (Kenneth Grome 2000)
  104. Re: [OT] MS Security Flaw (Nicolas Verhaeghe 2000)
  105. Re: [OT] MS Security Flaw (Glenn Busbin 2000)
  106. Re: [OT] MS Security Flaw (Nicolas Verhaeghe 2000)
  107. [OT] MS Security Flaw (Glenn Busbin 2000)
  108. Re: Security problems (Rodolfo de la Garza 2000)
  109. Re: Security problems (WebDNA Support 2000)
  110. Re: Security problems (Jesse Proudman 2000)
  111. Re: [Feature Request] Stronghold security variables that cannot (Nicolas Verhaeghe 2000)
  112. Re: [Feature Request] Stronghold security variables that cannot beforce as formvariables (John Butler 2000)
  113. [Feature Request] Stronghold security variables that cannot be (Nicolas Verhaeghe 2000)
  114. Re: Security Issue (WebDNA Support 2000)
  115. Re: Security Issue (Kenneth Grome 2000)
  116. Re: Security (jpeacock@univpress.com 2000)
  117. Re: WebCatalog security on NT (JHowarth@smithmicro.com 2000)
  118. Re: WebCatalog security on NT (Kenneth Grome 2000)
  119. Re: WebCatalog security on NT (David M. Dantowitz 2000)
  120. Re: WebCatalog security on NT (Kenneth Grome 2000)
  121. Re: WebCatalog security on NT (Serban Constantinescu 2000)
  122. Re: WebCatalog security on NT (Kenneth Grome 2000)
  123. WebCatalog security on NT (Serban Constantinescu 2000)
  124. Re: Security Levels... Possible? (Therio, Dale 2000)
  125. Re: Security Levels... Possible? (Kim Ingram 2000)
  126. Re: Security Levels... Possible? (Kenneth Grome 2000)
  127. Re: Security Levels... Possible? (Howard Wolosky 2000)
  128. Re: Security Levels... Possible? (Will Starck 2000)
  129. Re: Security Levels... Possible? (Conrad Hubbard 2000)
  130. Re: Security hole in WebCat? (Grant Hulbert 1999)
  131. Re: Security hole in WebCat? (Michael Winston 1999)
  132. Re: Security hole in WebCat? (Michael Winston 1999)
  133. Re: security (https) w webcat (Tim Taylor 1999)
  134. Re: security (https) w webcat (Rob Marquardt 1999)
  135. Re: security (https) w webcat (Bill Taylor ( FMCI) 1999)
  136. Re: security (https) w webcat (Mícheál O Sé 1999)
  137. Re: Q on the best way to set up a security function so users canedit records (Charles Kefauver 1999)
  138. Re: Q on the best way to set up a security function so users can edit records (webcat 1999)
  139. Re: Q on the best way to set up a security function so users canedit records (PCS Technical Support 1999)
  140. Q on the best way to set up a security function so users can edit records (webcat 1999)
  141. Re: Security Issue (Peter Ostry 1999)
  142. Re: Security Issue (Kenneth Grome 1999)
  143. Re: Security Issue (Bob Minor 1999)
  144. Re: Security - 2 (PCS Technical Support 1999)
  145. Re: Email security (was CC and Europe) (PCS Technical Support 1999)
  146. Re: template security preferences????? (PCS Technical Support 1998)
  147. RE: template security preferences????? (Richard 1998)
  148. Re: template security preferences????? (PCS Technical Support 1998)
  149. Re: template security preferences????? (Kenneth Grome 1998)
  150. template security preferences????? (Richard 1998)
  151. Re: Security Hole - NetCloak Update (Paul Uttermohlen 1998)
  152. Re: Security Hole - NetCloak Update (Peter Ostry 1998)
  153. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
  154. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
  155. Re: Security Hole - NetCloak Update (Charles Kefauver 1998)
  156. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  157. Re: Security Hole - NetCloak Update (Paul Uttermohlen 1998)
  158. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
  159. Re: Major Security Hole (Kenneth Grome 1998)
  160. Re: Major Security Hole (Peter Ostry 1998)
  161. Re: Major Security Hole (Paul Uttermohlen 1998)
  162. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  163. Re: Major Security Hole (Charles Kefauver 1998)
  164. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  165. Re: Major Security Hole (PCS Technical Support 1998)
  166. Re: Major Security Hole (Peter Ostry 1998)
  167. Re: Major Security Hole (Dan Tryon 1998)
  168. Re: Major Security Hole (Jim Turney 1998)
  169. Re: Major Security Hole (Peter Ostry 1998)
  170. Re: Major Security Hole (Paul Uttermohlen 1998)
  171. Re: Major Security Hole (Bob Minor 1998)
  172. Re: Major Security Hole (Dan Tryon 1998)
  173. Re: Major Security Hole (Brian Willson 1998)
  174. Re: Major Security Hole (Britt T. 1998)
  175. Re: Major Security Hole (Paul Uttermohlen 1998)
  176. Re: Major Security Hole (Dave MacLeay 1998)
  177. Re: Major Security Hole (Bob Minor 1998)
  178. Re: Major Security Hole (Peter Ostry 1998)
  179. Re: Major Security Hole (PCS Technical Support 1998)
  180. Major Security Hole (Paul Uttermohlen 1998)
  181. Re: Major Security Hole IIS NT (Bob Minor 1998)
  182. Re: Major Security Hole IIS NT (greg 1998)
  183. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  184. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  185. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  186. RE: Major Security Hole IIS NT (Olin 1998)
  187. Re: Major Security Hole IIS NT (Bob Minor 1998)
  188. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  189. Re: Major Security Hole IIS NT (Bob Minor 1998)
  190. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  191. Re: Major Security Hole IIS NT (Bob Minor 1998)
  192. Re: Major Security Hole IIS NT (Bob Minor 1998)
  193. Major Security Hole IIS NT (Bob Minor 1998)
  194. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  195. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  196. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  197. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  198. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  199. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  200. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  201. Re: Security for malls with different webmasters (Jack Baty 1998)
  202. Re: Security for malls with different webmasters (PCS Technical Support 1998)
  203. Re: Security for malls with different webmasters (Kenneth Grome 1998)
  204. Re: Security for malls with different webmasters (Olin Lagon 1998)
  205. Re: Entry point? Security w/ dbase helper? (Grant Hulbert 1997)
  206. Entry point? Security w/ dbase helper? (list@9way.com 1997)
  207. Re: Paths, relative paths, webstar server setup and security (Mac) (Sandra L. Pitner 1997)
  208. Re: Paths, relative paths, webstar server setup and security (Mac) (Sandra L. Pitner 1997)
  209. Re: Paths, relative paths, webstar server setup and security (Mac) (Grant Hulbert 1997)
  210. db security on NT (Olin 1997)
  211. Re: Template Security error (a.h.s. boy 1997)
  212. Re: Template Security error (Grant Hulbert 1997)
  213. Template Security error (a.h.s. boy 1997)
  214. Re: Physical Security for WebCatalog Directories (Grant Hulbert 1997)
  215. Re: Physical Security for WebCatalog Directories (Kenneth Grome 1997)
  216. Physical Security for WebCatalog Directories (plake 1997)
  217. Re: Security Issue (Olin 1997)
  218. Re: Security Question (Kenneth Grome 1997)
  219. Re: Security Question (Grant Hulbert 1997)
  220. Re: Multiple security dbs (John Hill 1997)
  221. Re: Multiple security dbs (John Hill 1997)
  222. Re: security problem (natasha 1997)
  223. Re: Multiple security dbs (Kenneth Grome 1997)
  224. Multiple security dbs (bob 1997)
  225. Re: [Announce]: Web server security and password protection (Rob Schmidt 1997)
  226. [Announce]: Web server security and password protection (John Hill 1997)
  227. Re: Security Tip (Greg Lindberg 1996)
  228. WebCommerce Security Alert! (Grant Hulbert 1996)
  229. Check the Federal Government's Social Security database (Patrick Mac Cormick The )
Correct, but I think these are limited to delete and replace. Remember, just because WebCat doesn't allow access to the dbs directly through the file system doesn't mean that someone can't hack into the system and know that /dbs/userinfo/cc.db contains all of your customers' credit card numbers. If you encrypt the query string, it just adds a little more security. If it doesn't matter whether or not people know the site's database structure, then don't waste the processor time to encrypt it.

---- Original Message ----
From: justincarroll@sanduskyregister.com
To: WebDNA-Talk@talk.smithmicro.com
Subject: Re: Security & Query Strings
Date: 02 Feb 2004 15:57:12 -0500

>I thought you could setup WebCatalog to not allow certain contexts to
>be inserted into URL's unless you have admin access.
>
>Justin Carroll
>
>On Tuesday, March 23, 1943, Joe D'Andrea wrote:
>>At 3:48 PM -0500 2/2/04, Justin Carroll wrote:
>>>If WebCatalog is setup to not show .db from the URL, what's
>>>the point of hiding the query string?
>>>
>>>I'm trying to understand why anyone would want to
>>>encrypt/decrypt query strings when user can't access .db files
>>>or insert [search] commands into a URL. Thanks.
>>
>>Who says you can't insert search commands into a URL?
>>
>>-------------------------------------------------------------
>>This message is sent to you because you are subscribed to
>> the mailing list .
>>To unsubscribe, E-mail to:
>>To switch to the DIGEST mode, E-mail to
>>Web Archive of this list is at: http://webdna.smithmicro.com/

----
"I've never known a musician who regretted being one. Whatever
else life gives you, music will never let you down.

"Matthew C. Bohne"
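Added example, not part of the original post and not WebDNA code: a Python sketch of the server-side check this thread is circling around. Instead of encrypting, it keeps database paths out of the URL by using opaque handles and rejects any query string that was altered after the server issued it, using an HMAC. The names DB_HANDLES, ALLOWED_COMMANDS, KEY, seal_query and open_query, and the orders.db path, are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Hypothetical server-side table: only the handle ever appears in a URL.
# The path is a constructed sample; /dbs/userinfo/cc.db from the post
# deliberately has no handle, so no URL can name it.
DB_HANDLES = {"orders": "/dbs/shop/orders.db"}
ALLOWED_COMMANDS = {"search"}  # delete/replace are never accepted from a URL
KEY = b"constructed-demo-key-not-for-production"


def _mac(payload: bytes, key: bytes) -> bytes:
    """URL-safe base64 of HMAC-SHA256 over the canonical query payload."""
    digest = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def seal_query(params: dict, key: bytes = KEY) -> str:
    """Serialize params in sorted order and append the MAC as 'sig'."""
    payload = urlencode(sorted(params.items()))
    return f"{payload}&sig={_mac(payload.encode(), key).decode()}"


def open_query(query: str, key: bytes = KEY) -> dict:
    """Verify the MAC, then check command and handle against the allow-lists.

    Raises ValueError on a missing or wrong signature, a command that is not
    allowed from a URL, or a database handle the server does not know.
    """
    payload, sep, sig = query.rpartition("&sig=")
    expected = _mac(payload.encode(), key)
    if not sep or not hmac.compare_digest(sig.encode(), expected):
        raise ValueError("query string was modified or not issued by this server")
    params = dict(parse_qsl(payload, keep_blank_values=True))
    if params.get("cmd") not in ALLOWED_COMMANDS:
        raise ValueError("command not permitted from a URL")
    if params.get("db") not in DB_HANDLES:
        raise ValueError("unknown database handle")
    params["db_path"] = DB_HANDLES[params["db"]]  # resolved server-side only
    return params


if __name__ == "__main__":
    link = seal_query({"cmd": "search", "db": "orders", "sku": "A100"})
    print(link)              # no file-system path in the URL
    print(open_query(link))  # handle resolved after verification
```

The signature covers every parameter, so a link cannot be edited to point at another handle or command, and a signed link still cannot request anything outside the two allow-lists.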
