Re: Re[2]: Problem with new formvariables
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31210
>> This is not an undocumented feature. It is the published behaviour of
>> variables.
>
> AFAIK, there has never been documentation one way or the other. I
> certainly don't recall writing official documents about the specific
> order of evaluation of form variables over text variables. And even
> if it was documented this way, it's a security hole and must be fixed.
>
> So let's get back to viable workarounds.

The security hole appears only when you use a variable in your template that you use to give some access to some parts of the script, and see the template have a different behaviour.

It only happens 1% of the time.

The current hierarchy is great... It is just GREAT. It is one of those features in WebCatalog that made me advertise and promote it.

Now, if there is a security issue linked to that feature, let's find a solution.

You remind me of a person in my company who said: let's stop selling products on this web site, because it is a pain to ship all those products, because of this and this problem. Instead of correcting those problems (and for all of them we came with a solution), this person wanted to get rid of the problems by getting rid of the source (more money coming in from the web).

You are doing just the same. WC has a great feature which creates a security issue. And you, instead of saying ok, let's come with a fix to this issue by making some variables more secure, you say: naaah, let's trash the great feature.

We are EXPERIENCED Web Catalog users. We know the product inside out. Listen to what we say: we are not DUMB.
Nicolas Verhaeghe
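
A simplified Python model of the precedence question debated in this message, added here as an example; it is not code from the post or from WebDNA. The scope names follow the thread, while `resolve`, `render_admin_link`, the `isadmin` variable and the `PROTECTED` set (a per-variable "secure" flag of the kind the message proposes) are hypothetical.

```python
# Simplified model of template variable lookup; not WebDNA's actual code.
# "form" = request-supplied variables, "text" = variables set by the template.
# PROTECTED is a hypothetical per-variable "secure" flag.

PROTECTED = frozenset({"isadmin"})  # names the template uses for access decisions


def resolve(name, form, text, protected=frozenset()):
    """Return the value a template sees for `name`.

    Form variables are consulted before text variables, which is the
    hierarchy discussed in the thread. Names listed in `protected` are
    only ever read from the text scope.
    """
    if name in protected:
        return text.get(name)      # request input can never supply this name
    if name in form:
        return form[name]          # form value shadows the text value
    return text.get(name)


def render_admin_link(form, text, protected=frozenset()):
    """Constructed template fragment: emit an admin link when isadmin == 'T'."""
    return "admin-link" if resolve("isadmin", form, text, protected) == "T" else ""


# Constructed sample data.
TEXT_SCOPE = {"isadmin": "F", "color": "blue"}   # set by the template itself
NORMAL_FORM = {"color": "red"}                   # ordinary override, the useful case
SHADOWING_FORM = {"isadmin": "T"}                # same name arrives in the request

if __name__ == "__main__":
    for label, form in (("normal", NORMAL_FORM), ("shadowing", SHADOWING_FORM)):
        print(label,
              "| unprotected:", repr(render_admin_link(form, TEXT_SCOPE)),
              "| protected:", repr(render_admin_link(form, TEXT_SCOPE, PROTECTED)))
```

With the protected set in place, the `color` override still works as before, so the hierarchy is kept for ordinary variables while the access-control variable is read only from the template's own scope.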