[WebDNA] Encode cookies ONLY via "method=Base64"
This WebDNA talk-list message is from 2008
It keeps the original formatting.
> sometimes a second decrypt and/or unurl
> is needed.

A different number of decrypts and encrypts never works, you must always use the same number of these contexts. A different number of urls and unurls is definitely necessary sometimes:

> Syntax reminder on variable (straight), and database
> encryption:
> Straight encryption: same amount of [url]'s going in as
> coming out
> Database encryption: one more [url] going in
> than coming out

Right, thanks for the reminder.

With the cookies I first tried the same number of urls and unurls but it was failing, so then I tried using one more url going in -- because I thought that *maybe* using cookies is similar to using a database. But this theory was wrong because an extra url with cookies does not fix the problem like it does with a database.

> Could you please tell us what server you're using?

My client's Windows server running WebDNA 6.?

> I have found the same thing as Ken has, and that it
> is on our list of potential bugs that we are addressing.
> The scope appears to be only in cookie and orderfile
> interaction so far.

Orderfile too?

Thanks Donovan, that's two scopes we should avoid when using the standard WebDNA encryption. Too bad though, since I want to use encrypted cookies for security reasons.

PROBABLE CONCLUSION:

Although Base64 is an encoding method (not an encryption method) it is the ONLY method that actually works when trying to obfuscate cookie values.

Base64 is certainly not secure like an encrypted value might be, but it is better than nothing I guess. I tested all methods using cookies with the following results:

standard webdna encryption --> fails 1/4 of the time
method=CyberCash --> cannot be decrypted
method=APOP --> cannot be decrypted
method=Base64 --> 100% reliable in dozens of tests

Sincerely,
Ken Grome
Kenneth Grome
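
Added example, not part of the original message and not WebDNA code: a Python sketch of the point that Base64 is an encoding rather than encryption, set beside a keyed HMAC tag that lets the server reject an altered cookie. The key, cookie contents and function names are assumptions made for illustration, and the HMAC variant adds tamper detection only, not confidentiality.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real key is random and kept server-side.
SERVER_KEY = b"constructed-demo-key"


def b64_cookie(value: str) -> str:
    """Base64 'obfuscation' as discussed in the message: no key is involved."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def read_b64_cookie(cookie: str) -> str:
    """Anyone holding the cookie can decode it, and the server cannot
    tell an edited value from the one it issued."""
    return base64.b64decode(cookie).decode("utf-8")


def signed_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """URL-safe Base64 payload followed by an HMAC-SHA256 tag over it."""
    payload = base64.urlsafe_b64encode(value.encode("utf-8")).decode("ascii")
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_signed_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the value when the tag verifies, otherwise None."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # malformed: no tag present
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        return None
    return base64.urlsafe_b64decode(payload).decode("utf-8")


if __name__ == "__main__":
    issued = "user=ken;role=user"  # constructed sample cookie value
    print(read_b64_cookie(b64_cookie(issued)))         # readable without any key
    print(read_signed_cookie(signed_cookie(issued)))   # verifies with the server key
```

The payload in the signed cookie is still readable by the client; keeping the value secret as well would need authenticated encryption on top of this.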