Re: No subject given

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31348
interpreted = N
texte = >With that in mind, I have to change my mind and go with the [text secure=f] >mode. This will require updates to existing template, and may even include >massive rewrites. The worst case scenario would have all instances of [text] >replaced with [text secure=f], which would then put the onus for the lack of >security on the programmer involved. > >But since the security failure of the present model has now been >revealed, this >is the only prudent course of action. I don't think that there should be a >system option to make the reverse (insecure mode) be the default behavior. I agree 100%. It only makes sense to change the default to secure, given the fact that this really is a security issue in some situations, depending upon how certain variables are used. Besides, the global changes to any existing site would be minimal in order to maintain backward compatibility, requiring no more than three passes in bbedit:1- change [text] to [text secure=f] 2- change [text show=f] to [text show=f&secure=f] 3- change [text show=t] to [text show=t&secure=f]Once these three passes are performed, all our old sites will gain the advantage of having the new secure variable hierarchy to work with wherever we need it -- without breaking things. ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: Grepping text variable tags (was: Re: No subject given) (John Butler 2000)
  2. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  3. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  4. Re: Grepping text variable tags (was: Re: No subject given) (Chuck Rice 2000)
  5. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  6. Re: Grepping text variable tags (was: Re: No subject given) (Jereme Claussen 2000)
  7. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  8. Grepping text variable tags (was: Re: No subject given) (Rob Marquardt 2000)
  9. Re: No subject given (Jereme Claussen 2000)
  10. Re: No subject given (Kenneth Grome 2000)
  11. Re: No subject given (John Peacock 2000)
  12. Re: No subject given (Jereme Claussen 2000)
  13. Re: No subject given (John Peacock 2000)
  14. Re: No subject given (Kenneth Grome 2000)
  15. No subject given (jpeacock@univpress.com 2000)
>With that in mind, I have to change my mind and go with the [text secure=f] >mode. This will require updates to existing template, and may even include >massive rewrites. The worst case scenario would have all instances of [text] >replaced with [text secure=f], which would then put the onus for the lack of >security on the programmer involved. > >But since the security failure of the present model has now been >revealed, this >is the only prudent course of action. I don't think that there should be a >system option to make the reverse (insecure mode) be the default behavior. I agree 100%. It only makes sense to change the default to secure, given the fact that this really is a security issue in some situations, depending upon how certain variables are used. Besides, the global changes to any existing site would be minimal in order to maintain backward compatibility, requiring no more than three passes in bbedit:1- change [text] to [text secure=f] 2- change [text show=f] to [text show=f&secure=f] 3- change [text show=t] to [text show=t&secure=f]Once these three passes are performed, all our old sites will gain the advantage of having the new secure variable hierarchy to work with wherever we need it -- without breaking things. ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Just Testing (1997) Proper file locations (1997) WebDNA performance comparisons? (2004) [WebDNA] php -> WebDNA: Can I do this with [tcpconnect]? (2013) [WebDNA] How to use [function] (2012) Need relative path explanation (1997) webcat NT (1998) Signal Raised Error (1997) Secure server question (1997) syntax question, not in online refernce (1997) WC2b15 File Corruption (1997) EIMS Problems (1997) Founditems context returning only 1 item (1997) [showif] based on data from [tcpconnect][tcpsend]? (2000) Web*3 virtual hosting Webcatalog problem (1998) WebCatalog 2.0 & WebDNA docs in HTML ... (1997) caching -check- (2001) Creating a back button (1999) email code (1998) WebCat2 beta 11 - new prefs ... (1997)