Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47395
interpreted = N
texte = Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Brian Fries 2003)
  2. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Dale LaFountain 2003)
Another possibility is to write the URL to a database with a unique key (like a [cart] number), then just set the cookie to that unique key. Then you can look up the URL based on the key in the cookie. My tendency is to set only a user ID cookie, and use that to lookup any user-specific data from WebDNA dbs.- brianOn Monday, February 3, 2003, at 11:02 PM, Dale LaFountain wrote:> Scott, > > OK, fair enough. APOP looked enticing because the encrypted value was > all lower ascii and SHORTER than the input string (both desirable > traits when compared to the default encryption). I didn't even know > that the APOP method existed until earlier today when I looked over > the encrypt docs. > > Upon further reading, the docs imply that Cybercash can't be used for > round trip encrypt/decrypt either: > > decrypt - seed - For CyberCash, this should be the MerchantKey you > were assigned when you created a CyberCash merchant account [...] > CyberCash decryption only works with text sent from the CyberCash > CashRegister server to you; it cannot be used to decrypt text that was > encrypted by WebDNA itself. > > So if we want to encrypt and decrypt data locally, we will need to use > either the built-in encryption or the base64 method for > encoding-but-no-encryption. > > I'm just trying to find the simplest/shortest way to save a URL in a > cookie without it breaking or containing 100 miles of url'd characters > after being encrypted and double-url'd... Since I'm not protecting > critical data, it looks like the winner is: > > [SETCOOKIE name=mycookie&value=[encrypt > method=base64][refr][/encrypt]&path=/&domain=.mydomain.com] > > Something else that took a while to track down today: Don't include > & in cookie data unless you url the input twice (or use base64 > encoding instead of url). > > Thanks, > > Dale > >> APOP is not a valid method for the [decrypt] context. If you need to >> encrypt and decrypt data then use either 'CyberCash' or the built-in >> WebDNA >> method (not using the method= parameter). ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Frames (1997) WebCat2b13MacPlugIn - More limits on [include] (1997) RE: Ongoing group search problems ... (1997) [CART] inside a [LOOP] (1997) WebCat2 - [format thousands] (1997) [carts] and databases (1997) [WebDNA] Problem with Cookies in IE and Safari (2009) latest version? (1998) problems with 2 tags (1997) [accountNum] and [math] (1997) More on the email templates (1997) Generating unique SKU from [cart] - Still Stumped... (1997) FORMS: Returning a specific page (1997) item sorting (1997) Download URL & access on the fly ? (1997) A multi-processor savvy WebCatalog? (1997) Problem displaying search result (1997) Shopping Cart Page (1997) New 4.5 installer (2002) Help name our technology! I found it (1997)