Re: [TEXT SECURE=T]

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 32039
interpreted = N
texte = Any time a security problem comes to light, all bets are off as to where the change needs to be made. There have been plenty of security problems with ColdFusion, ASP, and even Perl that required edits of user source to fix. There is also no use arguing; Grant has made very clear that they will not ship the program without Secure=T as the default. There is no one requiring you to upgrade to 4.0 if you cannot change your templates. There is also every reason to suspect that many, if not most templates will require no changes at all. It is only if you used the specific technique of relying on command line variables overriding text variables that anything needs to be changed in the first place.And it is extremely unlikely that any ResEdit change could be made to flip the security, since the change alters the very nature of the parse tree.John PeacockAlex McCombie wrote: > > on 5/18/00 2:12 PM, John Peacock at JPeacock@UnivPress.com wrote: > > > This is a security fix, not an upgrade. Secure=T is the only default > > that makes sense. Anyone with a reasonable editor can quickly update > > all of their sites in minutes. SM is not jilting customers; they are > > fixing a very significant security problem. > > > > John Peacock > Since a security fix often involves changed to the code set of an app and > not the forced change of potentially hundreds of files by the actual > customers... > > and since I know many users have purchased encrypted pages that they cannot > fix themselves... > > and since some providers have other clients using WebDNA on their own > collocated sites and thus will end up in support 'heaven'... > > how about this... > > anyone finding through unofficial means a ResEdit change or resource editor > or should SM decide to add this default setting of secure=T to their > preference files (hint hint), I would certainly like to know of that > information because I would not hesitate to change it's usage if it served > me better that way. > > ...... > > -- > Alex J. McCombie (800-724-8973) > http://OurClients.com Corporate > http://McCombie.com Personal (Alex@McCombie.com) > > http://ClubGab.com/ > <--- Now here's a serious Chat Room! --->############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: [TEXT SECURE=T] (Nicolas Verhaeghe 2000)
  2. Re: [TEXT SECURE=T] (Alex McCombie 2000)
  3. Re: [TEXT SECURE=T] (Nicolas Verhaeghe 2000)
  4. Re: [TEXT SECURE=T] (Alex McCombie 2000)
  5. Re: [TEXT SECURE=T] (Kenneth Grome 2000)
  6. Re: [TEXT SECURE=T] (John Peacock 2000)
  7. Re: [TEXT SECURE=T] (John Peacock 2000)
  8. [TEXT SECURE=T] (Brian Rhoten 2000)
Any time a security problem comes to light, all bets are off as to where the change needs to be made. There have been plenty of security problems with ColdFusion, ASP, and even Perl that required edits of user source to fix. There is also no use arguing; Grant has made very clear that they will not ship the program without Secure=T as the default. There is no one requiring you to upgrade to 4.0 if you cannot change your templates. There is also every reason to suspect that many, if not most templates will require no changes at all. It is only if you used the specific technique of relying on command line variables overriding text variables that anything needs to be changed in the first place.And it is extremely unlikely that any ResEdit change could be made to flip the security, since the change alters the very nature of the parse tree.John PeacockAlex McCombie wrote: > > on 5/18/00 2:12 PM, John Peacock at JPeacock@UnivPress.com wrote: > > > This is a security fix, not an upgrade. Secure=T is the only default > > that makes sense. Anyone with a reasonable editor can quickly update > > all of their sites in minutes. SM is not jilting customers; they are > > fixing a very significant security problem. > > > > John Peacock > Since a security fix often involves changed to the code set of an app and > not the forced change of potentially hundreds of files by the actual > customers... > > and since I know many users have purchased encrypted pages that they cannot > fix themselves... > > and since some providers have other clients using WebDNA on their own > collocated sites and thus will end up in support 'heaven'... > > how about this... > > anyone finding through unofficial means a ResEdit change or resource editor > or should SM decide to add this default setting of secure=T to their > preference files (hint hint), I would certainly like to know of that > information because I would not hesitate to change it's usage if it served > me better that way. > > ...... > > -- > Alex J. McCombie (800-724-8973) > http://OurClients.com Corporate > http://McCombie.com Personal (Alex@McCombie.com) > > http://ClubGab.com/ > <--- Now here's a serious Chat Room! --->############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA problems with Itools 7.3 Upgrade (2004) InSecureTextVariables.... (2000) breaking & sorting (2000) PR: WebCatalog Affiliates Program Announced -- Share the revenue for promoting WebCatalog (2000) Need help... (1997) chat opinion ... (2002) FTP FOLDER PERMISSIONS (2004) Is the Finder required? (1998) Flag checking (2000) & not allowed in db by definition? (1999) Calculating Shipping (1997) gateway application timeouts (1998) UPDATEDONE question ... (1998) more info on [setlineitems] (1997) incrementing sku (1998) [OT] Domain Name Scam (2000) [OT] Conversion from QuickMail Pro (2002) [Semi-OT] Eaaaaaasy OSX FTP (2003) Need help with search title (1998) please anybody help (2005)