Re: [WebDNA] Security best practice

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 101851
interpreted = N
texte = Regarding security, one thing that is new inCICADA is the ability to encrypt (as an option)certain sensitive orderfile information.. suchas "accountnum". This is one area that I wouldlike for people to test, because I haveonly had the chance to test it marginally. Sofar, my tests are that it works. ;-)For example, (only for CICADA owners) activate anorderfile encryption (in the admin pages) and, ona template, do a :[setheader cart=[cart]]accountnum=4111111111111111[/setheader](remember to have the "ShoppingCarts"directory in the same root as your test template)If you look in the orderfile that was created after hittingthat template ("less " in a terminalwindow), you will see your encrypted accountnum value.Then doing a:[orderfile cart=[cart]][accountnum][/orderfile]The encrypted value is magically decrypted and viewable.However, I have not, for example, had a chance to test thisunder heavy load, or, for example, initiating thison a server with existing sites that use the orderfiletags... but, it looks like a nice feature that SMSI created underthe radar so far and it would be really cool if this featureworked on existing sites that use the orderfile tags.I will have time to test this more thoroughly in the future,but if someone else has the means and time, please reportback your findings!Donovan-- Donovan D. Brooke PH: 1 (608) 770-3822------------------------------------------------VPWebDNA Software Corporation16192 Coastal HighwayLewes, DE 19958 Associated Messages, from the most recent to the oldest:

Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Clint Davis 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
[WebDNA] Security best practice ("Tom Duke" 2009)

Regarding security, one thing that is new inCICADA is the ability to encrypt (as an option)certain sensitive orderfile information.. suchas "accountnum". This is one area that I wouldlike for people to test, because I haveonly had the chance to test it marginally. Sofar, my tests are that it works. ;-)For example, (only for CICADA owners) activate anorderfile encryption (in the admin pages) and, ona template, do a :[setheader cart=[cart]]accountnum=4111111111111111[/setheader](remember to have the "ShoppingCarts"directory in the same root as your test template)If you look in the orderfile that was created after hittingthat template ("less " in a terminalwindow), you will see your encrypted accountnum value.Then doing a:[orderfile cart=[cart]][accountnum][/orderfile]The encrypted value is magically decrypted and viewable.However, I have not, for example, had a chance to test thisunder heavy load, or, for example, initiating thison a server with existing sites that use the orderfiletags... but, it looks like a nice feature that SMSI created underthe radar so far and it would be really cool if this featureworked on existing sites that use the orderfile tags.I will have time to test this more thoroughly in the future,but if someone else has the means and time, please reportback your findings!Donovan-- Donovan D. Brooke PH: 1 (608) 770-3822------------------------------------------------VPWebDNA Software Corporation16192 Coastal HighwayLewes, DE 19958 Donovan Brooke

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] Security best practice

2009

Top Articles:

Related Readings: