Re: WebDNA security

This WebDNA talk-list message is from 2004. It keeps the original formatting.
Patrick McCormick wrote:

> One particular point that IT dude was trying to make is that simply
> running WebDNA on a machine exposes that machine to hacking.

The only truly secure computer is one that is unplugged and embedded in concrete (and even then, I'd demand a few feet of lead shielding to prevent cosmic rays from flipping bits). ;)

All actively generated pages that accept _any_ input from the user can conceivably be hacked (or at least DOS'd). It sounds like this supposed IT executive was reacting more from the CYA impulse than any realistic security consideration. Had I been there, I would probably have flayed him alive (is he running any version of IIS, does he use any ASP, or other actively generated pages, etc.) and made him look like the PHB he is.

PHP isn't really comparable to anything except the simple web scripting language it is.

Sadly, WebDNA's market share is too small to interest any serious hackers (plus it is so easy to make it look like an ASP site and seriously mess with the ones who try). On the same basis, I doubt any security organization would be interested in doing a survey without a 5 figure payment...

My 2 cents

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748

Associated Messages, from the most recent to the oldest:

    
  1. Re: WebDNA security ( Patrick McCormick 2004)
  2. Re: [OT] Security in general [Was] Re: WebDNA security ( Matthew A Perosi 2004)
  3. Re: WebDNA security ( Bob Minor 2004)
  4. Re: WebDNA security ( Larry Hewitt 2004)
  5. Re: WebDNA security ( Patrick McCormick 2004)
  6. Re: WebDNA security ( "Sal D'Anna" 2004)
  7. Re: [OT] Security in general [Was] Re: WebDNA security ( "WebDna @ Inkblot Media" 2004)
  8. Re: WebDNA security ( John Peacock 2004)
  9. Re: WebDNA security ( Donovan Brooke 2004)
  10. [OT] Security in general [Was] Re: WebDNA security ( Alan White 2004)
  11. Re: WebDNA security ( Alan White 2004)
  12. Re: WebDNA security ( John Peacock 2004)
  13. WebDNA security ( Patrick McCormick 2004)
