> Sent: Monday, August 14, 2000 10:15 AM> Subject: Re: Encrypt & SetHeader Length Problem> > > Note that the header fields are all fixed length, and not your fields to> > play with casually. See the docs for the Puchase command, which lists> > most of the field lengths (AccountNum is not one of them, but 14 would> > cover all credit card lengths).> >> > If you want to store something longer, use one of Header1-Header40, and> > you won't have the length problem.> >> > HTH> >> > John Peacock> >> > Pete Campbell wrote:> > >> > > I'm trying to encrypt a number and put it into the cart ACCOUNTNUM> header> > > field. The problem is that only 14 digits of the original number/string> are> > > available after the DECRYPT. The ACCOUNTNUM field is not limited in> length> > > because I can set it to a string of any length. The problem seems to> occur> > > only when I use URLed ENCRYPT data. From the code & output below, it> looks> > > like the SETHEADER context is not storing all of the URL/ENCRYPT data.> > >> > > I use the [URL] context twice to convert the encrypted data to a> hex-only> > > value (presumably safer for headers & DB data). I also use the [URL]> context> > > inside the SETHEADER context because it seems to automatically unURL> data.> > > This way I (hopefully) ensure that the data stored in the header field> is> > > double-URLed.> > >> > > Thanks in advance for any help / suggestions / workarounds.> > >> > > Pete> > >> > > The test code and output is below:> > >> > > [!]************ WebCat code: ************ [/!]> > > [!]This code has a 12-digit input string and works properly.[/!]> > >> > > [text]encryptednum=[url][encrypt> > > seed=TestTest]300020001000[/encrypt][/url][/text]> > > Setting encrypted accountnum to [encryptednum]
> > > The decrypted value is [unurl][decrypt> > > seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]> > > Encrypted accountnum header is [accountnum]
> > > Decrypted accountnum header is [decrypt> > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]> > >> > > ************ Output: ************> > >> > > Setting encrypted accountnum to 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F> > > The decrypted value is 300020001000...> > > Encrypted accountnum header is 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F> > > Decrypted accountnum header is 300020001000> > >> > > [!]************ WebCat code: ************ [/!]> > > [!]This code has a 16-digit input string and does not work properly.[/!]> > >> > > [text]encryptednum=[url][encrypt> > > seed=TestTest]4000300020001000[/encrypt][/url][/text]> > > Setting encrypted accountnum to [encryptednum]
> > > The decrypted value is [unurl][decrypt> > > seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]> > > Encrypted accountnum header is [accountnum]
> > > Decrypted accountnum header is [decrypt> > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > >> > > ************ Output: ************> > >> > > Setting encrypted accountnum to> > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6> > > The decrypted value is 4000300020001000...> > > Encrypted accountnum header is> > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F> > > Decrypted accountnum header is 40003000200010> > >> > > The decrypted header above is missing the last 2 digits.> > >> > > -------------------------------------------------------------> > > This message is sent to you because you are subscribed to> > > the mailing list .> > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to> > > > Web Archive of this list is at: http://search.smithmicro.com/> >> > -------------------------------------------------------------> > This message is sent to you because you are subscribed to> > the mailing list .> > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to> > > Web Archive of this list is at: http://search.smithmicro.com/> >> > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
SMSI will have to explain why the ACCOUNTNUM field takes more bare textthan it does url'd encrypted text. This does, however, raise the question: Why are you encrypting in the first place?Since the cart file is located on the server and never sent to thebrowser (unless you specify that field for display), and you can addanything to the cart header in such a way that it never appears in theHTML source, I see no reason to use encrypt at all. I know some peoplehave used doubly-url'd and encrypted text for storage in cookies, buthere there does not seem to be any need for that level of confusion.John PeacockPete Campbell wrote:> > Thanks John. I didn't know about the field-length limits (not mentioned at> all in the SETHEADER section of the docs). Even so, its not clear that the> ACCOUNTNUM field is limited.> > Your solution about using a HEADERxx field instead of the ACCOUNTNUM field> works but its not clear why. ACCOUNTNUM does not appear to be limited in> length. If I set the ACCOUNTNUM header to a simple alphanumeric string (say> 7000600050004000300020001000 - 28 chars) it works fine.> > The problem appears to be related to the URL codes in the string assigned to> ACCOUNTNUM. For some reason, ACCOUNTNUM has a limited size if the string is> URLed. If I use a string of> [url]*@$(*@#)$*@$(*#$(*$(*#&$(*#&$)(*[/url], the decrypted UNURLed> ACCOUNTNUM value returned is *@$(*@#)$*@$%, much shorter than the> original string. If I use a HEADERxx field, this does not occur.> > FYI, I've tested this on WC 3.?? and 4.0b1.> > Pete> > ----- Original Message -----> From: John Peacock > To: WebCatalog Talk > Sent: Monday, August 14, 2000 10:15 AM> Subject: Re: Encrypt & SetHeader Length Problem> > > Note that the header fields are all fixed length, and not your fields to> > play with casually. See the docs for the Puchase command, which lists> > most of the field lengths (AccountNum is not one of them, but 14 would> > cover all credit card lengths).> >> > If you want to store something longer, use one of Header1-Header40, and> > you won't have the length problem.> >> > HTH> >> > John Peacock> >> > Pete Campbell wrote:> > >> > > I'm trying to encrypt a number and put it into the cart ACCOUNTNUM> header> > > field. The problem is that only 14 digits of the original number/string> are> > > available after the DECRYPT. The ACCOUNTNUM field is not limited in> length> > > because I can set it to a string of any length. The problem seems to> occur> > > only when I use URLed ENCRYPT data. From the code & output below, it> looks> > > like the SETHEADER context is not storing all of the URL/ENCRYPT data.> > >> > > I use the [url] context twice to convert the encrypted data to a> hex-only> > > value (presumably safer for headers & DB data). I also use the [url]> context> > > inside the SETHEADER context because it seems to automatically unURL> data.> > > This way I (hopefully) ensure that the data stored in the header field> is> > > double-URLed.> > >> > > Thanks in advance for any help / suggestions / workarounds.> > >> > > Pete> > >> > > The test code and output is below:> > >> > > [!]************ WebCat code: ************ [/!]> > > [!]This code has a 12-digit input string and works properly.[/!]> > >> > > [text]encryptednum=[url][encrypt> > > seed=TestTest]300020001000[/encrypt][/url][/text]> > > Setting encrypted accountnum to [encryptednum]
> > > The decrypted value is [unurl][decrypt> > > seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]> > > Encrypted accountnum header is [accountnum]
> > > Decrypted accountnum header is [decrypt> > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]> > >> > > ************ Output: ************> > >> > > Setting encrypted accountnum to 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F> > > The decrypted value is 300020001000...> > > Encrypted accountnum header is 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F> > > Decrypted accountnum header is 300020001000> > >> > > [!]************ WebCat code: ************ [/!]> > > [!]This code has a 16-digit input string and does not work properly.[/!]> > >> > > [text]encryptednum=[url][encrypt> > > seed=TestTest]4000300020001000[/encrypt][/url][/text]> > > Setting encrypted accountnum to [encryptednum]
> > > The decrypted value is [unurl][decrypt> > > seed=TestTest][encryptednum][/decrypt][/unurl]...
> > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader]> > > Encrypted accountnum header is [accountnum]
> > > Decrypted accountnum header is [decrypt> > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > >> > > ************ Output: ************> > >> > > Setting encrypted accountnum to> > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6> > > The decrypted value is 4000300020001000...> > > Encrypted accountnum header is> > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F> > > Decrypted accountnum header is 40003000200010> > >> > > The decrypted header above is missing the last 2 digits.> > >> > > -------------------------------------------------------------> > > This message is sent to you because you are subscribed to> > > the mailing list .> > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to> > > > Web Archive of this list is at: http://search.smithmicro.com/> >> > -------------------------------------------------------------> > This message is sent to you because you are subscribed to> > the mailing list .> > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to> > > Web Archive of this list is at: http://search.smithmicro.com/> >> > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
John Peacock
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] FedEx XML response - grab rate (2014)
problem: search crashes webstar (1997)
Problems getting parameters passed into email. (1997)
Summary search -- speed (1997)
Rhapsody? (1997)
[index] (1997)
input type=file has no value? (2003)
WebDNA Solutions ... sorry! (1997)
[WebDNA] Encryptng a password (2016)
OT: MacOSX exploit (2002)
WebCat2b12plugin - [search] is broken ... not! (1997)
Error Log.db --however (1997)
HTML Editors (1997)
Setting up shop (1997)
Help name our technology! (1997)
Email notification to one of multiple vendors ? (1997)
Re:2nd WebCatalog2 Feature Request (1996)
Need relative path explanation (1997)
MacWEEK article help needed (1996)
Locking up with WebCatalog... (1997)