Re: [WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from

2008


It keeps the original formatting.
numero = 101260
interpreted = N
texte = Ken Try "hiding" the value inside a longer string and then use getchars to get the true value I resorted to this technique some time ago when I ended up with problems. Stuart On 27/10/2008, at 10:02 AM, Kenneth Grome wrote: >> sometimes a second decrypt and/or unurl >> is needed. > > A different number of decrypts and encrypts never works, you > must always use the same number of these contexts. A > different number of urls and unurls is definitely necessary > sometimes: > > >> Syntax reminder on variable (straight), and database >> encryption: >> Straight encryption: same amount of [url]'s going in as >> comming out >> Database encryption: one more [url] going in >> than comming out > > Right, thanks for the reminder. > > With the cookies I first tried the same number of urls and > unurls but it was failing, so then I tried using one more > url going in -- because I thought that *maybe* using > cookies is similar to using a database. But this theory > was wrong because an extra url with cookies does not fix > the problem like it does with a database. > > >> Could you please tell us what server you're using? > > My client's Windows server running WebDNA 6.? > > >> I have found the same thing as Ken has, and that it >> is on our list of potential bugs that we are addressing. >> The scope appears to be only in cookie and orderfile >> interaction so far. > > Orderfile too? > > Thanks Donovan, that's two scopes we should avoid when using > the standard WebDNA encryption. Too bad though, since I > want to use encrypted cookies for security reasons. > > > PROBABLE CONCLUSION: > > Although Base64 is an encoding method (not an encryption > method) it is the ONLY method that actually works when > trying to obfuscate cookie values. > > Base64 is certainly not secure like an encrypted value might > be, but it is better than nothing I guess. I tested all > methods using cookies with the following results: > > standard webdna encryption --> fails 1/4 of the time > method=CyberCash --> cannot be decrypted > method=APOP --> cannot be decrypted > method=Base64 --> 100% reliable in dozens of tests > > > Sincerely, > Ken Grome > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > old archives: http://dev.webdna.us/TalkListArchive/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  45. [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
Ken Try "hiding" the value inside a longer string and then use getchars to get the true value I resorted to this technique some time ago when I ended up with problems. Stuart On 27/10/2008, at 10:02 AM, Kenneth Grome wrote: >> sometimes a second decrypt and/or unurl >> is needed. > > A different number of decrypts and encrypts never works, you > must always use the same number of these contexts. A > different number of urls and unurls is definitely necessary > sometimes: > > >> Syntax reminder on variable (straight), and database >> encryption: >> Straight encryption: same amount of [url]'s going in as >> comming out >> Database encryption: one more [url] going in >> than comming out > > Right, thanks for the reminder. > > With the cookies I first tried the same number of urls and > unurls but it was failing, so then I tried using one more > url going in -- because I thought that *maybe* using > cookies is similar to using a database. But this theory > was wrong because an extra url with cookies does not fix > the problem like it does with a database. > > >> Could you please tell us what server you're using? > > My client's Windows server running WebDNA 6.? > > >> I have found the same thing as Ken has, and that it >> is on our list of potential bugs that we are addressing. >> The scope appears to be only in cookie and orderfile >> interaction so far. > > Orderfile too? > > Thanks Donovan, that's two scopes we should avoid when using > the standard WebDNA encryption. Too bad though, since I > want to use encrypted cookies for security reasons. > > > PROBABLE CONCLUSION: > > Although Base64 is an encoding method (not an encryption > method) it is the ONLY method that actually works when > trying to obfuscate cookie values. > > Base64 is certainly not secure like an encrypted value might > be, but it is better than nothing I guess. I tested all > methods using cookies with the following results: > > standard webdna encryption --> fails 1/4 of the time > method=CyberCash --> cannot be decrypted > method=APOP --> cannot be decrypted > method=Base64 --> 100% reliable in dozens of tests > > > Sincerely, > Ken Grome > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > old archives: http://dev.webdna.us/TalkListArchive/ Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WCS Newbie question (1997) Sun doesn't have an emailer app? (2000) Multiple Replaces? (1997) WebCat2final1 crashes (1997) form data submission gets truncated (1997) Showing once on a founditems (1997) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) Multiple adding (1997) Upgrade to WebCat2 from Commerce Lite (1997) b18 problem on NT 4.0 (1997) Replace context problem ... (1997) Image upload (2000) virtual virtual hosted store.... (1998) New public beta available (1997) [OT] ssh user@domain.com (2004) Secure server question (1997) Extended [ConvertChars] (1997) Running 2 two WebCatalog.acgi's (1996) GIF Converter vs. Clip2Gif (2000) input type=file has no value? (2003)