Re: CERT Advisory on malicious scripts

This WebDNA talk-list message is from 2000. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  2. Re: CERT Advisory on malicious scripts (Miguel Castaneda 2000)
  3. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  4. Re: CERT Advisory on malicious scripts (John Butler 2000)
  5. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  6. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  7. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  8. Re: CERT Advisory on malicious scripts (The Mooseman 2000)
  9. Re: CERT Advisory on malicious scripts (Alex McCombie 2000)
  10. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  11. CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
At 3:23 PM 2/3/00, Kenneth Grome wrote:

>> >CERT has released an advisory regarding web based systems, such as
>> >message boards, and their ability to include malicious scripts. Does
>> >anyone have any quick method for recognizing malicious code from form
>> >entries processed by webCat?
>>
>> The simplest method to prevent this problem is to strip the < character
>>from your form values using a special db with convertchars to convert it
>>to nothing. This effectively prevents people from creating HTML tags.

Would [url] encoding every user entered text field that is to be displayed work as a quick stop gap? In other words, if someone has included any html in their entries and that data is now in the database, and we want to display it back to some other visitor, encoding it would make it, for example, <form.... and so it wouldn't be recognized by the receiver's browser as html.???

Joseph D'Andrea
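An added example, not part of the original thread and written in Python rather than WebDNA: it compares the three ideas discussed above (stripping `<` from input, URL-encoding on output, and HTML entity encoding on output) on constructed sample entries. The function names and sample strings are assumptions made for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample form entries (not taken from the thread).
SAMPLES = [
    'Prices are < $5 today',        # legitimate text that contains "<"
    '<script>alert(1)</script>',    # markup submitted through a form field
    'Tom "the cat" & Jerry',        # quotes and an ampersand
]

def strip_lt(value):
    """Input filter from the quoted reply: delete every '<'."""
    return value.replace('<', '')

def url_encode(value):
    """Percent-encode on output, the stop gap the post asks about."""
    return quote(value, safe='')

def html_encode(value):
    """Entity-encode on output so the browser shows the text literally."""
    return html.escape(value, quote=True)

def render(value, encoder):
    """Place an encoded value in element content and in a quoted attribute."""
    v = encoder(value)
    return f'<p>{v}</p><input name="subject" value="{v}">'

def has_raw_markup_chars(encoded):
    """True if a character that can open a tag or end an attribute survives."""
    return any(c in encoded for c in '<>"')

def displayed_text(encoded):
    """Text a browser shows for element content: entities are decoded,
    percent codes are not."""
    return html.unescape(encoded)

if __name__ == '__main__':
    for s in SAMPLES:
        for name, enc in (('strip <', strip_lt), ('url', url_encode), ('html', html_encode)):
            out = enc(s)
            print(f'{name:8} raw_chars={has_raw_markup_chars(out)!s:5} '
                  f'shown={displayed_text(out)!r}')
        print()
```

Stripping `<` alters legitimate text and leaves quotes untouched; URL encoding neutralises the markup characters but visitors see percent codes. Entity encoding neutralises them and still displays the text as it was entered.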
