Re: No subject given

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31348
interpreted = N
texte = >With that in mind, I have to change my mind and go with the [text secure=f] >mode. This will require updates to existing template, and may even include >massive rewrites. The worst case scenario would have all instances of [text] >replaced with [text secure=f], which would then put the onus for the lack of >security on the programmer involved. > >But since the security failure of the present model has now been >revealed, this >is the only prudent course of action. I don't think that there should be a >system option to make the reverse (insecure mode) be the default behavior. I agree 100%. It only makes sense to change the default to secure, given the fact that this really is a security issue in some situations, depending upon how certain variables are used. Besides, the global changes to any existing site would be minimal in order to maintain backward compatibility, requiring no more than three passes in bbedit:1- change [text] to [text secure=f] 2- change [text show=f] to [text show=f&secure=f] 3- change [text show=t] to [text show=t&secure=f]Once these three passes are performed, all our old sites will gain the advantage of having the new secure variable hierarchy to work with wherever we need it -- without breaking things. ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: Grepping text variable tags (was: Re: No subject given) (John Butler 2000)
  2. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  3. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  4. Re: Grepping text variable tags (was: Re: No subject given) (Chuck Rice 2000)
  5. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  6. Re: Grepping text variable tags (was: Re: No subject given) (Jereme Claussen 2000)
  7. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  8. Grepping text variable tags (was: Re: No subject given) (Rob Marquardt 2000)
  9. Re: No subject given (Jereme Claussen 2000)
  10. Re: No subject given (Kenneth Grome 2000)
  11. Re: No subject given (John Peacock 2000)
  12. Re: No subject given (Jereme Claussen 2000)
  13. Re: No subject given (John Peacock 2000)
  14. Re: No subject given (Kenneth Grome 2000)
  15. No subject given (jpeacock@univpress.com 2000)
>With that in mind, I have to change my mind and go with the [text secure=f] >mode. This will require updates to existing template, and may even include >massive rewrites. The worst case scenario would have all instances of [text] >replaced with [text secure=f], which would then put the onus for the lack of >security on the programmer involved. > >But since the security failure of the present model has now been >revealed, this >is the only prudent course of action. I don't think that there should be a >system option to make the reverse (insecure mode) be the default behavior. I agree 100%. It only makes sense to change the default to secure, given the fact that this really is a security issue in some situations, depending upon how certain variables are used. Besides, the global changes to any existing site would be minimal in order to maintain backward compatibility, requiring no more than three passes in bbedit:1- change [text] to [text secure=f] 2- change [text show=f] to [text show=f&secure=f] 3- change [text show=t] to [text show=t&secure=f]Once these three passes are performed, all our old sites will gain the advantage of having the new secure variable hierarchy to work with wherever we need it -- without breaking things. ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Saturday [encrypt] blues.... (2000) Protect (1997) WebMerchant problem (1998) SendMail context not working on CentOS 4 (2007) [WebDNA] Sorry WebDNA server not running /Template ERROR/ Slow speeds (2019) Not really WebCat (1997) More Applescript (1997) Fwd: Problems with Webcatalog Plug-in (1997) PCS Emailer's role ? (1997) Showing unopened cart (1997) dreamweaver mx (2002) Emailer setup (1997) [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (2009) [WebDNA] Image resizing on the fly (2012) Never Mind - Was - Credit Card Processing (2000) Speaking of... (1999) 2.0 Info (1997) Wanted: Broader string manipulation functions (1997) [WebDNA] Session timeout solution (2010) Loops and [index] (1998)