[WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from 2008. It keeps the original formatting.
> sometimes a second decrypt and/or unurl
> is needed.

A different number of decrypts and encrypts never works, you must always use the same number of these contexts. A different number of urls and unurls is definitely necessary sometimes:

> Syntax reminder on variable (straight), and database
> encryption:
> Straight encryption: same amount of [url]'s going in as
> coming out
> Database encryption: one more [url] going in
> than coming out

Right, thanks for the reminder.

With the cookies I first tried the same number of urls and unurls but it was failing, so then I tried using one more url going in -- because I thought that *maybe* using cookies is similar to using a database. But this theory was wrong because an extra url with cookies does not fix the problem like it does with a database.

> Could you please tell us what server you're using?

My client's Windows server running WebDNA 6.?

> I have found the same thing as Ken has, and that it
> is on our list of potential bugs that we are addressing.
> The scope appears to be only in cookie and orderfile
> interaction so far.

Orderfile too?

Thanks Donovan, that's two scopes we should avoid when using the standard WebDNA encryption. Too bad though, since I want to use encrypted cookies for security reasons.

PROBABLE CONCLUSION:

Although Base64 is an encoding method (not an encryption method) it is the ONLY method that actually works when trying to obfuscate cookie values.

Base64 is certainly not secure like an encrypted value might be, but it is better than nothing I guess. I tested all methods using cookies with the following results:

standard webdna encryption --> fails 1/4 of the time
method=CyberCash --> cannot be decrypted
method=APOP --> cannot be decrypted
method=Base64 --> 100% reliable in dozens of tests

Sincerely,
Ken Grome

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  45. [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
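The distinction drawn in the message above, that Base64 only encodes a cookie value, shown as an added example in Python (not part of the original post and not WebDNA code): the Base64 payload is readable without any key, while an HMAC-SHA256 tag appended to it makes an altered value detectable by the server. The key, the field names and all function names are assumptions; the tag adds integrity, not confidentiality.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real deployment loads a random secret
# of at least 32 bytes from server-side configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def b64_encode(data: bytes) -> str:
    """URL-safe Base64 without padding: cookie-safe with no extra URL-escaping."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64_decode(text: str) -> bytes:
    """Inverse of b64_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_only(fields: dict) -> str:
    """Base64 alone: anyone holding the cookie can decode it and re-encode it."""
    return b64_encode(json.dumps(fields, sort_keys=True).encode("utf-8"))


def sign_cookie(fields: dict, key: bytes = SECRET_KEY) -> str:
    """Base64 payload, a dot, then an HMAC-SHA256 tag over the encoded payload."""
    payload = encode_only(fields)
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + b64_encode(tag)


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the decoded fields if the tag is valid, otherwise None."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None  # no tag at all, e.g. a Base64-only cookie
    try:
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(b64_decode(tag), expected):
            return None  # payload or tag was altered, or the key differs
        return json.loads(b64_decode(payload))
    except ValueError:
        return None  # malformed Base64, non-ASCII input or invalid JSON
```

Because both the payload and the tag use the URL-safe Base64 alphabet, the cookie value survives the round trip without any matching of url/unurl steps.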
