Re: Protecting webdelivery

This WebDNA talk-list message is from 1997.


Associated Messages, from the most recent to the oldest:

    
  1. Re: Protecting webdelivery (Dan Keldsen 1997)
  2. Re: Protecting webdelivery (Grant Hulbert 1997)
  3. Protecting webdelivery (Dan Keldsen 1997)
I assume the scenario you're trying to prevent is this:

1) A hacker discovers the cart id during the non-SSL session, by using packet-sniffing software
2) The hacker uses this [cart].html as a URL to get to the webdelivery meant for someone else, by going to that URL during a 24-hour period after they think the card was cleared

>1. how to go about generating this unique username/password pair?

You can probably do pretty well by using 2 databases that contain about 100 English words (or random text) each, and performing a search with random sorting on each one. Sticking those 2 words together can generate a pretty good password. The cart id is probably OK for the username.

On the ThankYou page (SSL) you would give them this combination of username/password, and you would also set a couple of the order file's header fields (header39 and header40) to these same values so you could generate the WebDNA that will be saved in the webdelivery page.

> b. I really don't want to use (Mac)PERL to try and clean out the file, but I could see that as a possibility - although I'd have to make sure the RAM copy of the .db got synced as well - right?

I'm not sure what you're cleaning out here, unless you're talking about some sort of database that contains all the username/passwords. But if you use my technique, there is no database -- the username/password is written directly into the webdelivery file like so:

--- WebDelivery.html ---
[showif [username]![header39]]
[authenticate yadaya]
[/showif]
[showif [password]![header40]]
[authenticate yadaya]
[/showif]
Thanks for picking up your product!

Grant Hulbert, V.P. Engineering | ===== Tools for WebWarriors =====
Pacific Coast Software | WebCatalog Pro, WebCommerce Solution
11770 Bernardo Plaza Court | SiteEdit Pro, SiteCheck, PhotoMaster
San Diego, CA 92128 | SiteGuard
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
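
The scheme described in the message above, as an added Python sketch (not part of the original post, and not WebDNA): one pick from each of two 100-entry lists forms the password, the cart id is the username, and the delivery page serves only when both match the stored header39/header40 values. The word lists, cart id and all function names are constructed for illustration; the sketch also computes how much entropy the two-list scheme yields.

```python
import hmac
import math
import secrets

# Constructed stand-ins for the two ~100-entry word databases (10 x 10 = 100 each).
LIST_A = [a + b for a in ("ba", "co", "di", "fu", "ge", "ha", "jo", "ki", "lu", "me")
          for b in ("ld", "mp", "nd", "rk", "st", "ft", "lt", "nk", "rn", "sh")]
LIST_B = [a + b for a in ("no", "pa", "qui", "re", "sa", "to", "vu", "wi", "ya", "ze")
          for b in ("ber", "dle", "gon", "ker", "lin", "mat", "net", "per", "ron", "ten")]


def make_credentials(cart_id):
    """Username is the cart id; password is one random pick from each list.
    secrets draws from the OS CSPRNG, so picks are not predictable from earlier ones."""
    password = secrets.choice(LIST_A) + secrets.choice(LIST_B)
    return cart_id, password


def password_bits(*lists):
    """Entropy in bits when one entry is drawn uniformly from each list."""
    return sum(math.log2(len(set(words))) for words in lists)


def picks_needed(list_size, target_bits):
    """How many independent picks from a list of this size reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def allow_delivery(username, password, header39, header40):
    """Mirror of the two [showif] checks: serve only if both values match.
    compare_digest keeps the comparison time independent of where they differ."""
    user_ok = hmac.compare_digest(username.encode(), header39.encode())
    pass_ok = hmac.compare_digest(password.encode(), header40.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    user, pw = make_credentials("CART12345")  # constructed cart id
    print(user, pw, f"{password_bits(LIST_A, LIST_B):.1f} bits")
    print("picks from a 100-word list for 64 bits:", picks_needed(100, 64))
```

Two picks from 100-entry lists give 10,000 possible passwords (about 13.3 bits), so the delivery page relies on limiting failed attempts per cart id, or on more picks per password, to resist guessing.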
