texte = --001a1134a67a173b8104e7c8bedcContent-Type: text/plain; charset=UTF-8Dan,Hi - thanks for your feedback - it's definitely helpful.One initial question re: your 256 char seed, I thought (from the docs) thatthe seed length was limited to eight characters?One idea I'm thinking through, which I pretty sure was mentioned on thelist before, is to include a client specific seed and other things such asAPI keys in an encrypted template. Maybe set up a few custom functions onthe template so the seed could never be exposed as a variable even if ahacker got access to the source code.A difficulty I have though is that I can't document to a client how[encrypt] and [cart] work. I use [encrypt] for storing passwords, and[cart] for generating session cookies.While I can understand that WebDNA may not want to divulge how these tagswork, it leaves me with a situation where all I can say to a client is'trust us'. I can't state the level of predictability of [cart], or thelevels of cryptography used in [encrypt].- Tom--001a1134a67a173b8104e7c8bedcContent-Type: text/html; charset=UTF-8Content-Transfer-Encoding: quoted-printable
Dan,
Hi - thanks for your feedback - it='s definitely helpful. =C2=A0 =C2=A0
One initi=al question re: your 256 char seed, I thought (from the docs) that the seed= length was limited to eight characters?=C2=A0
One idea I'm thinking through, which I pretty sure =was mentioned on the list before, is to include a client specific seed and =other things such as API keys in an encrypted template. =C2=A0Maybe set up =a few custom functions on the template so the seed could never be exposed a=s a variable even if a hacker got access to the source code.
A difficulty I have though is that I can't document= to a client how [encrypt] and [cart] work. =C2=A0 I use [encrypt] for stor=ing passwords, and [cart] for generating session cookies. =C2=A0=C2=A0
While I can understand that WebDNA may not want to divulge how these t=ags work, it leaves me with a situation where all I can say to a client is ='trust us'. =C2=A0I can't state the level of predictability of =[cart], or the levels of cryptography used in [encrypt].=C2=A0
- Tom
--001a1134a67a173b8104e7c8bedc--
Associated Messages, from the most recent to the oldest:
--001a1134a67a173b8104e7c8bedcContent-Type: text/plain; charset=UTF-8Dan,Hi - thanks for your feedback - it's definitely helpful.One initial question re: your 256 char seed, I thought (from the docs) thatthe seed length was limited to eight characters?One idea I'm thinking through, which I pretty sure was mentioned on thelist before, is to include a client specific seed and other things such asAPI keys in an encrypted template. Maybe set up a few custom functions onthe template so the seed could never be exposed as a variable even if ahacker got access to the source code.A difficulty I have though is that I can't document to a client how
[encrypt] and
[cart] work. I use
[encrypt] for storing passwords, and
[cart] for generating session cookies.While I can understand that WebDNA may not want to divulge how these tagswork, it leaves me with a situation where all I can say to a client is'trust us'. I can't state the level of predictability of
[cart], or thelevels of cryptography used in
[encrypt].- Tom--001a1134a67a173b8104e7c8bedcContent-Type: text/html; charset=UTF-8Content-Transfer-Encoding: quoted-printable