Re: Re[2]: Problem with new formvariables

This WebDNA talk-list message is from 2000


Associated Messages, from the most recent to the oldest:

    
  1. Re[2]: Problem with new formvariables (Christer Olsson 2000)
  2. Re: Re[2]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  3. Re: Re[2]: Problem with new formvariables (Grant Hulbert 2000)
  4. Re: Re[2]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  5. Re[2]: Problem with new formvariables (Grant Hulbert 2000)
  6. Re[2]: Problem with new formvariables (Joseph D'Andrea 2000)
  7. Re[2]: Problem with new formvariables (jpeacock@univpress.com 2000)
>> This is not an undocumented feature. It is the published behaviour of variables.
>
> AFAIK, there has never been documentation one way or the other. I certainly don't recall writing official documents about the specific order of evaluation of form variables over text variables. And even if it was documented this way, it's a security hole and must be fixed.
>
> So let's get back to viable workarounds.

The security hole appears only when you use a variable in your template that you use to give some access to some parts of the script, and see the template have a different behaviour.

It only happens 1% of the time.

The current hierarchy is great... It is just GREAT. It is one of those features in WebCatalog that made me advertise and promote it.

Now, if there is a security issue linked to that feature, let's find a solution.

You remind me of a person in my company who said: let's stop selling products on this web site, because it is a pain to ship all those products, because of this and this problem. Instead of correcting those problems (and for all of them we came with a solution), this person wanted to get rid of the problems by getting rid of the source (more money coming in from the web).

You are doing just the same. WC has a great feature which creates a security issue. And you, instead of saying ok, let's come with a fix to this issue by making some variables more secure, you say: naaah, let's trash the great feature.

We are EXPERIENCED Web Catalog users. We know the product inside out. Listen to what we say: we are not DUMB.

Nicolas Verhaeghe
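An added example, not part of the original message and not WebDNA code: a simplified Python model of the lookup order discussed in this thread, where a form variable with the same name as a text variable wins, and of the fix proposed above, marking specific variables so they are read only from the template's own scope. The `Scope` class, the variable name `showadmin` and the `secure_names` parameter are assumptions made for illustration.

```python
# Simplified model of template variable lookup (assumption, not WebDNA's implementation).

class Scope:
    """Resolves variable names for one template hit."""

    def __init__(self, form_vars, secure_names=()):
        self.form = dict(form_vars)      # supplied by the request, so untrusted
        self.text = {}                   # set by the template author
        self.secure = set(secure_names)  # hypothetical "secure" variables

    def set_text(self, name, value):
        self.text[name] = value

    def resolve(self, name):
        # Secure names are only ever read from the template's own scope.
        if name in self.secure:
            return self.text.get(name, "")
        # Hierarchy under discussion: a form variable shadows a text variable.
        if name in self.form:
            return self.form[name]
        return self.text.get(name, "")


def render(scope, user_is_admin):
    """Template logic that gates a section on a text variable."""
    scope.set_text("showadmin", "T" if user_is_admin else "F")
    return "admin panel" if scope.resolve("showadmin") == "T" else "public page"


if __name__ == "__main__":
    request = {"showadmin": "T", "category": "books"}  # constructed sample request

    # Form-first lookup: the request value shadows the template's own flag.
    print(render(Scope(request), user_is_admin=False))

    # Same hierarchy, but the access flag is marked secure.
    hardened = Scope(request, secure_names={"showadmin"})
    print(render(hardened, user_is_admin=False))

    # Ordinary variables keep the convenient override behaviour.
    hardened.set_text("category", "all")
    print(hardened.resolve("category"))
```
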
