Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47395
interpreted = N
texte = Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Brian Fries 2003)
  2. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Dale LaFountain 2003)
Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Not really WebCat (1997) WebDNA :: Product Reviews (2006) two unique banners on one page (1997) ShowNext (1997) redirect with frames (1997) [OT] Disable/enable field (2003) [WebDNA] Silly question (2009) month or year from date field in lineitems? (1998) [Q] Novice's question (1997) A Toughie (1998) Command=Showcart? (2000) [WebDNA] Different responses for the same commands ... (2011) [writefile] (1997) No Data Results (1997) New 4.5 installer (2002) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) emailer (1997) weird order problem in 4.5.1 (2004) Fun with Dates - finally resolved but.... (1997) Can't load tmpl files (1997)