Re: Re[2]: Problem with new formvariables

This WebDNA talk-list message is from 2000. It keeps the original formatting.
>> This is not an undocumented feature. It is the published behaviour of
>> variables.
>
> AFAIK, there has never been documentation one way or the other. I
> certainly don't recall writing official documents about the specific
> order of evaluation of form variables over text variables. And even
> if it was documented this way, it's a security hole and must be fixed.
>
> So let's get back to viable workarounds.

The security hole appears only when you use a variable in your template that you use to give some access to some parts of the script, and see the template have a different behaviour.

It only happens 1% of the time.

The current hierarchy is great... It is just GREAT. It is one of those features in WebCatalog that made me advertise and promote it.

Now, if there is a security issue linked to that feature, let's find a solution.

You remind me of a person in my company who said: let's stop selling products on this web site, because it is a pain to ship all those products, because of this and this problem. Instead of correcting those problems (and for all of them we came with a solution), this person wanted to get rid of the problems by getting rid of the source (more money coming in from the web).

You are doing just the same. WC has a great feature which creates a security issue. And you, instead of saying ok, let's come with a fix to this issue by making some variables more secure, you say: naaah, let's trash the great feature.

We are EXPERIENCED Web Catalog users. We know the product inside out. Listen to what we say: we are not DUMB.

Associated Messages, from the most recent to the oldest:

    
  1. Re[2]: Problem with new formvariables (Christer Olsson 2000)
  2. Re: Re[2]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  3. Re: Re[2]: Problem with new formvariables (Grant Hulbert 2000)
  4. Re: Re[2]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  5. Re[2]: Problem with new formvariables (Grant Hulbert 2000)
  6. Re[2]: Problem with new formvariables (Joseph D'Andrea 2000)
  7. Re[2]: Problem with new formvariables (jpeacock@univpress.com 2000)
Nicolas Verhaeghe
