Re: [WebDNA] PCI Vulnerability testing

This WebDNA talk-list message is from 2009.
It seems removeHTML is a way to go although I have not tested what happens with URLed characters. If going grep or getchars, I would use a white list and not limit the length. Otherwise long variables will pass the troublesome code.

Bill

On Mon, Apr 13, 2009 at 3:09 PM, Govinda wrote:
> [removehtml][userInput][/removehtml]
> -G
> On Apr 13, 2009, at 12:47 PM, William DeVaul wrote:
>
>> I have no idea about a server level fix. This goes to never trusting
>> user input. I thought it should always be surrounded by [raw] and
>> [url] to prevent this.
>>
>> What do others do?
>>
>> Bill
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> archives: http://mail.webdna.us/list/talk@webdna.us
> old archives: http://dev.webdna.us/TalkListArchive/

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  2. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  3. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  4. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  5. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  6. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  7. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  8. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  9. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  10. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  11. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  12. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  13. Re: [WebDNA] PCI Vulnerability testing (Marc Thompson 2009)
  14. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  15. [WebDNA] PCI Vulnerability testing (Bob Minor 2009)
William DeVaul
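
An added example, not part of the original post and not WebDNA code: a Python illustration of the allow-list advice in the message above, checking the whole URL-decoded value rather than a prefix. `strip_tags` is a hypothetical stand-in for tag stripping (it does not model WebDNA's [removehtml]); the allowed character set, the 20-character prefix and the sample inputs are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Assumption: a conservative allow-list for a free-text field (letters, digits,
# space and a little punctuation). Choose the set per field in a real application.
ALLOWED = re.compile(r"[A-Za-z0-9 .,'@_-]*")


def strip_tags(value: str) -> str:
    """Naive tag stripper, a stand-in for tag removal (not WebDNA's [removehtml])."""
    return re.sub(r"<[^>]*>", "", value)


def decode_fully(value: str, max_rounds: int = 5) -> str:
    """URL-decode until the value stops changing, so double encoding is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("input is encoded too many times")


def allowlist_ok(raw: str) -> bool:
    """Accept only if every character of the whole decoded value is allowed."""
    try:
        return ALLOWED.fullmatch(decode_fully(raw)) is not None
    except ValueError:
        return False


def prefix_only_ok(raw: str, checked: int = 20) -> bool:
    """Flawed variant: validates only the first `checked` characters."""
    return ALLOWED.fullmatch(decode_fully(raw)[:checked]) is not None


# Constructed sample inputs.
ENCODED = "%3Cb%3Ehello%3C%2Fb%3E"   # URL-encoded <b>hello</b>
LONG = "A" * 20 + "<b>tail</b>"      # markup placed after 20 harmless characters

if __name__ == "__main__":
    # Tag stripping sees no literal angle brackets in the encoded form.
    print("stripped, then decoded:", unquote_plus(strip_tags(ENCODED)))
    print("allow-list on encoded input:", allowlist_ok(ENCODED))
    print("prefix-only check on long input:", prefix_only_ok(LONG))
    print("whole-value check on long input:", allowlist_ok(LONG))
```
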
