Re: Re[2]: Problem with new formvariables
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31210
interpreted = N
texte =

>> This is not an undocumented feature. It is the published behaviour of
>> variables.
>
> AFAIK, there has never been documentation one way or the other. I
> certainly don't recall writing official documents about the specific
> order of evaluation of form variables over text variables. And even
> if it was documented this way, it's a security hole and must be fixed.
>
> So let's get back to viable workarounds.

The security hole appears only when you use a variable in your template that you use to give some access to some parts of the script, and see the template have a different behaviour.

It only happens 1% of the time.

The current hierarchy is great... It is just GREAT. It is one of those features in WebCatalog that made me advertise and promote it.

Now, if there is a security issue linked to that feature, let's find a solution.

You remind me of a person in my company who said: let's stop selling products on this web site, because it is a pain to ship all those products, because of this and this problem. Instead of correcting those problems (and for all of them we came with a solution), this person wanted to get rid of the problems by getting rid of the source (more money coming in from the web).

You are doing just the same. WC has a great feature which creates a security issue. And you, instead of saying ok, let's come with a fix to this issue by making some variables more secure, you say: naaah, let's trash the great feature.

We are EXPERIENCED Web Catalog users. We know the product inside out. Listen to what we say: we are not DUMB.
Nicolas Verhaeghe