Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47395
interpreted = N
texte = Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Brian Fries 2003)
  2. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Dale LaFountain 2003)
Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2b13MacPlugIn - [include] (1997) two questions (1997) [shell] stopped ?? (2003) PCS Frames (1997) Proper file locations (1997) Too Much Rootbeer Free Offer (1997) ImageMagick (2005) [ShowNext] feature in 2.0 (1997) setheader and retrieve it immediatly (2001) credit card authorization question (1997) writing db to disk (1997) SendMail - Idea (2000) Protect vs Authenicate (1997) Cart ID Duplication (2001) [WebDNA] 3-5 GB of native WebDNA db in RAM?, else MySQL w/WebDNA [SQL] tags, else skip WebDNA altogether? (2009) Send massmail (2000) Dark Horse Comics success story (1997) Finding max value for a field (1997) presetting variables ... (2000) Checkboxes (1998)