Re: No subject given

This WebDNA talk-list message is from 2000. It keeps the original formatting.
Oh my GOD! Ken and I agree about something. Hmmm, I must be thinking about this wrong, or something... 8~}

John Peacock

Kenneth Grome wrote:
>
> >With that in mind, I have to change my mind and go with the [text secure=f]
> >mode. This will require updates to existing template, and may even include
> >massive rewrites. The worst case scenario would have all instances of [text]
> >replaced with [text secure=f], which would then put the onus for the lack of
> >security on the programmer involved.
> >
> >But since the security failure of the present model has now been revealed, this
> >is the only prudent course of action. I don't think that there should be a
> >system option to make the reverse (insecure mode) be the default behavior.
>
> I agree 100%. It only makes sense to change the default to secure,
> given the fact that this really is a security issue in some
> situations, depending upon how certain variables are used. Besides,
> the global changes to any existing site would be minimal in order to
> maintain backward compatibility, requiring no more than three passes
> in bbedit:
>
> 1- change [text] to [text secure=f]
> 2- change [text show=f] to [text show=f&secure=f]
> 3- change [text show=t] to [text show=t&secure=f]
>
> Once these three passes are performed, all our old sites will gain
> the advantage of having the new secure variable hierarchy to work
> with wherever we need it -- without breaking things.
>
> ================================
> Kenneth Grome, WebDNA Consultant
> 808-737-6499 http://webdna.net
> ================================

Associated Messages, from the most recent to the oldest:

    
  1. Re: Grepping text variable tags (was: Re: No subject given) (John Butler 2000)
  2. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  3. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  4. Re: Grepping text variable tags (was: Re: No subject given) (Chuck Rice 2000)
  5. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  6. Re: Grepping text variable tags (was: Re: No subject given) (Jereme Claussen 2000)
  7. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  8. Grepping text variable tags (was: Re: No subject given) (Rob Marquardt 2000)
  9. Re: No subject given (Jereme Claussen 2000)
  10. Re: No subject given (Kenneth Grome 2000)
  11. Re: No subject given (John Peacock 2000)
  12. Re: No subject given (Jereme Claussen 2000)
  13. Re: No subject given (John Peacock 2000)
  14. Re: No subject given (Kenneth Grome 2000)
  15. No subject given (jpeacock@univpress.com 2000)
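The three search-and-replace passes listed in the quoted message above, sketched as a single Python pass that also records every tag it opts out of the secure default, so each `secure=f` can be audited later. This is an added example, not code from the thread or from WebDNA; `migrate`, the constructed sample template, case-insensitive tag matching and the handling of nested brackets are assumptions, and it goes beyond the three literal patterns by accepting any parameter list.

```python
import re

# Opening [text ...] tag with an optional parameter list. It never matches the
# closing [/text], and it refuses parameters that contain nested brackets.
TEXT_TAG = re.compile(r"\[(text)(?:\s+([^\[\]]*))?\]", re.IGNORECASE)
# Opening tags whose parameters embed another tag: left alone, reported instead.
NESTED = re.compile(r"\[text\s[^\]]*\[", re.IGNORECASE)
HAS_SECURE = re.compile(r"(^|&)\s*secure\s*=", re.IGNORECASE)


def line_of(text, pos):
    """1-based line number of character offset pos."""
    return text.count("\n", 0, pos) + 1


def migrate(template):
    """Add secure=f to every opening [text] tag that lacks a secure= parameter.

    Returns (new_template, audit, manual):
      audit  - (line, old_tag, new_tag) for each tag opted out of secure mode
      manual - line numbers of tags with nested brackets, not rewritten
    """
    audit = []

    def fix(m):
        name, params = m.group(1), (m.group(2) or "").strip()
        if HAS_SECURE.search(params):
            return m.group(0)  # already explicit: keeps the pass idempotent
        new = f"[{name} {params}&secure=f]" if params else f"[{name} secure=f]"
        audit.append((line_of(template, m.start()), m.group(0), new))
        return new

    rewritten = TEXT_TAG.sub(fix, template)
    manual = [line_of(template, m.start()) for m in NESTED.finditer(template)]
    return rewritten, audit, manual


# Constructed sample template (not taken from any real site).
SAMPLE = """\
[text]cart=[cart][/text]
[TEXT show=f]total=0[/TEXT]
[text show=t]name=guest[/text]
[text show=f&secure=f]done=1[/text]
[text show=[flag]]x=1[/text]
"""

if __name__ == "__main__":
    new, audit, manual = migrate(SAMPLE)
    print(new)
    for line, old, tag in audit:
        print(f"line {line}: {old} -> {tag}")
    print("review by hand, lines:", manual)
```

The audit list is the useful by-product: it is the inventory of variables that still run in the old, non-secure mode after the default changes.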
