Re: WebDNA security
This WebDNA talk-list message is from 2004
first response:

On Aug 6, 2004, at 10:53 AM, John Peacock wrote:

> Patrick McCormick wrote:
>
>> One particular point that he was trying to make is that simply
>> running WebDNA on a machine exposes that machine to hacking.
>
> The only truly secure computer is one that is unplugged and embedded
> in concrete (and even then, I'd demand a few feet of lead shielding to
> prevent cosmic rays from flipping bits). ;)
>
> All actively generated pages that accept _any_ input from the user can
> conceivably be hacked (or at least DOS'd). It sounds like this
> supposed IT executive was reacting more from the CYA impulse than any
> realistic security consideration. Had I been there, I would probably
> have flayed him alive (is he running any version of IIS, does he use
> any ASP, or other actively generated pages, etc.) and made him look
> like the PHB he is. PHP isn't really comparable to anything except
> the simple web scripting language it is.
>
> Sadly, WebDNA's market share is too small to interest any serious
> hackers (plus it is so easy to make it look like an ASP site and
> seriously mess with the ones who try). On the same basis, I doubt any
> security organization would be interested in doing a survey without a
> 5 figure payment...
>
> My 2 cents
>
> John
>
> --
> John Peacock
> Director of Information Research and Technology
> Rowman & Littlefield Publishing Group
> 4501 Forbes Boulevard
> Suite H
> Lanham, MD 20706
> 301-459-3366 x.5010
> fax 301-429-5748
Patrick McCormick