Re: [WebDNA] Security best practice
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 101851
interpreted = N
texte = Regarding security, one thing that is new in CICADA is the ability to encrypt (as an option) certain sensitive orderfile information.. such as "accountnum". This is one area that I would like for people to test, because I have only had the chance to test it marginally. So far, my tests are that it works. ;-)

For example, (only for CICADA owners) activate an orderfile encryption (in the admin pages) and, on a template, do a:

[setheader cart=[cart]]accountnum=4111111111111111[/setheader]

(remember to have the "ShoppingCarts" directory in the same root as your test template)

If you look in the orderfile that was created after hitting that template ("less " in a terminal window), you will see your encrypted accountnum value.

Then doing a:

[orderfile cart=[cart]][accountnum][/orderfile]

The encrypted value is magically decrypted and viewable.

However, I have not, for example, had a chance to test this under heavy load, or, for example, initiating this on a server with existing sites that use the orderfile tags... but, it looks like a nice feature that SMSI created under the radar so far and it would be really cool if this feature worked on existing sites that use the orderfile tags.

I will have time to test this more thoroughly in the future, but if someone else has the means and time, please report back your findings!

Donovan

--
Donovan D. Brooke PH: 1 (608) 770-3822
------------------------------------------------
VP
WebDNA Software Corporation
16192 Coastal Highway
Lewes, DE 19958
Donovan Brooke