Re: WebCatalog 4.0 has been released!
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 32821
interpreted = N
texte = I have never used the behavior in question, nor did it occur to me that it was a good idea when it was discussed. Relying on precedence is always a bad idea when programming public executable code, which is why tainting is such an important feature in Perl. It is actually very hard to write perl code that will execute under -T, because you quickly realize what assumptions you make when you write code.

You and every other developer can make the choice to disable the higher security in the new system. If you personally never distributed any of your code in readable form, there is very little that any cracker could do to fake out your code. But, I will never rely on hidden variables to protect my sites, and I will never be disabling the security.

I also urge everyone to examine their code-base and fix individual [text] vars rather than blindly flipping the flag in case. New sites, written from scratch, will include tags that cannot be interpreted by older WebCat installs (such is the nature of upgrades). Don't cripple your site now, to suit old programming mistakes.

John Peacock

Alex McCombie wrote:
>
> The good news is that SM heard the cry to include this in the prefs so
> that it could be changed but opted to rely on word of mouth (email) as to how
> to use it. This will likely ensure that there will be NUMEROUS emails on the
> forum regarding it as people work through it.
>