Re: Major Security Hole

This WebDNA talk-list message is from 1998. It keeps the original formatting.
>BUT Macs are susceptible to this as well! And you can't, or at least I
>couldn't, map .tmpl::$DATA to webcatalog. It still reveals the WebDNA tags.
>NOT good if you are showing and hiding text based on passwords like [showif
>[password]=3294.bob]. Now it becomes simple to find the once hidden
>passwords.

Yes, the $ is the problem here, but I don't see your symptom. When I type a URL like that I get password-challenged (because $DATA is not one of the commands WebCatalog allows without a password). Do you have your WebCatalog preferences set up to only allow certain $commands, or do you let them all thru?

Technical Support               | ==== eCommerce and Beyond ====
Pacific Coast Software          | WebCatalog, WebMerchant,
11770 Bernardo Plaza Court      | SiteEdit Pro, PhotoMaster,
San Diego, CA 92128             | Typhoon
619/675-1106 Fax: 619/675-0372  | http://www.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  2. Re: Major Security Hole (Kenneth Grome 1998)
  3. Re: Major Security Hole (Peter Ostry 1998)
  4. Re: Major Security Hole (Paul Uttermohlen 1998)
  5. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  6. Re: Major Security Hole (Charles Kefauver 1998)
  7. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  8. Re: Major Security Hole (PCS Technical Support 1998)
  9. Re: Major Security Hole (Peter Ostry 1998)
  10. Re: Major Security Hole (Dan Tryon 1998)
  11. Re: Major Security Hole (Jim Turney 1998)
  12. Re: Major Security Hole (Peter Ostry 1998)
  13. Re: Major Security Hole (Paul Uttermohlen 1998)
  14. Re: Major Security Hole (Bob Minor 1998)
  15. Re: Major Security Hole (Dan Tryon 1998)
  16. Re: Major Security Hole (Brian Willson 1998)
  17. Re: Major Security Hole (Britt T. 1998)
  18. Re: Major Security Hole (Paul Uttermohlen 1998)
  19. Re: Major Security Hole (Dave MacLeay 1998)
  20. Re: Major Security Hole (Bob Minor 1998)
  21. Re: Major Security Hole (Peter Ostry 1998)
  22. Re: Major Security Hole (PCS Technical Support 1998)
  23. Major Security Hole (Paul Uttermohlen 1998)
  24. Re: Major Security Hole IIS NT (Bob Minor 1998)
  25. Re: Major Security Hole IIS NT (greg 1998)
  26. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  27. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  28. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  29. RE: Major Security Hole IIS NT (Olin 1998)
  30. Re: Major Security Hole IIS NT (Bob Minor 1998)
  31. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  32. Re: Major Security Hole IIS NT (Bob Minor 1998)
  33. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  34. Re: Major Security Hole IIS NT (Bob Minor 1998)
  35. Re: Major Security Hole IIS NT (Bob Minor 1998)
  36. Major Security Hole IIS NT (Bob Minor 1998)
  37. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  38. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  39. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  40. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  41. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  42. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  43. Re: Major Security Hole IIS NT (Raymond Hatch 1998)