Re: Pirated WebCat? NOT...

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 49759
interpreted = N
texte = >Something that also bothers me is the apparent ability that Smith Micro has >to retrieve the Serial number from my server. . .what else can you retrieve? >If you can get this, can you read database files and decrypt credit card >numbers too? Let me know and try to convince me that you can't. . . They *CAN* retrieve any piece of information that is accessible to any webdna code on the server!All they have to do is put an internally hard-coded tcpconnect context into the webdna engine code, along with the related code that looks inside the files stored on the server, and then webdna can traverse your entire folder hierarchy and grab any piece of information it finds there, then send it to who knows where?To SMSI's server? To someone else's server?Yes of course this means that the credit cards, which are already stored unencrypted in webdna's plan text cart files and webdna database files, are potential targets of 'secret acquisition' by Smith Micro ... or worse.What could be worse?Well, possibly a disgruntled employee (or former employee) who has written portions of webdna's internal code, possibly adding his own little data grabbing snippets that deliver our customer's credit card data to his server, even without the knowledge of others at SMSI ... :(My question is not so much whether the company as a whole is honest enough to be trusted to allow this kind of internal data gathering capability to exist. Because personally I have never trusted them after they (PCS) promised me 50% of the revenues from the sales of Typhoon (which I developed with them) only to learn later that they would go back on their promises and cut me out of the deal. This illustrates a clear lack of integrity for which I have no respect whatsoever.And of course their repeated attempts to bully me into giving them my webdna.net domain when I was the first to register it and when I owned it long before they ever managed to get a trademark on the webdna character string, that is yet another unethical behavior by a company who seems to think we own them our trust.But regardless of these issue which I have personally had with PCS/SMSI over the years, I cannot help wondering just how many truly trustworthy people actually worked on webdna's engine code?Or how many not-so-trustworthy people may have had an opportunity to slip in their own versions of a 'secret data grabbing' feature that is completely unknown to the SMSI management???My feeling, based partially on my own experiences in dealing with this company and its predecessor, is that SMSI could easily have treated their own people with the same kind of disrespect they have shown me over the years. And this kind of treatment can cause really some people to feel, shall we say, less than happy about SMSI's treatment of them -- and possibly even vengeful.It wouldn't take much tweaking in the engine code by someone who doesn't like the fact that he didn't get his promised raise last year to create a very serious threat to the security of any site running any version of WebDNA with this code in it.Because of these issues, I feel that there is no possible way that SMSI will ever convince me that they can be trusted. I have personally had far too many bad experiences with them. It is only their word that we have to rely on, and that's what I continue to find unbelievable.I mean, does *anyone* really believe that they were NOT trying to sneak this feature into the software?I'm sorry but I simply do not believe that when this kind of 'feature' is added to software that never used to be able to do such a thing, it is a BIG DEAL! And if the company were truly an ethical company it would make every effort to report and explain this new feature immediately, in CAPITAL LETTERS, so everyone would be able to rest assured that they were not trying to hide it.Correct me if I'm wrong here, but I don't think that this is what SMSI did ... :( -- Sincerely, Kenneth Grome ------------------------------------------------------------- My programmers will write WebDNA code for you at $27 an hour! -------------------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Pirated WebCat? NOT... (Bonkers 2003)
  2. Re: Pirated WebCat? NOT... (Dan Strong 2003)
  3. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  4. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  5. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  6. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  7. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  8. Re: Pirated WebCat? NOT... (Jeff Logan 2003)
  9. Re: Pirated WebCat? NOT... (Jay Van Vark 2003)
  10. Re: Pirated WebCat? NOT... (Kimberly D. Walls 2003)
  11. Re: Pirated WebCat? NOT... (Karl Schroll 2003)
  12. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  13. Re: Pirated WebCat? NOT... (Joe D'Andrea 2003)
  14. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  15. Re: Pirated WebCat? NOT... (Donovan 2003)
  16. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  17. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  18. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  19. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  20. Re: Pirated WebCat? NOT... (Pat Holliday 2003)
  21. Re: Pirated WebCat? NOT... (Claude Gelinas 2003)
  22. Re: Pirated WebCat? NOT... (Daniel Schutzsmith 2003)
  23. Re: Pirated WebCat? NOT... (Bob Minor 2003)
  24. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  25. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  26. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  27. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  28. Re: Pirated WebCat? NOT... (Rene van der Velde 2003)
  29. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  30. Pirated WebCat? NOT... (Rob Blair 2003)
>Something that also bothers me is the apparent ability that Smith Micro has >to retrieve the Serial number from my server. . .what else can you retrieve? >If you can get this, can you read database files and decrypt credit card >numbers too? Let me know and try to convince me that you can't. . . They *CAN* retrieve any piece of information that is accessible to any webdna code on the server!All they have to do is put an internally hard-coded tcpconnect context into the webdna engine code, along with the related code that looks inside the files stored on the server, and then webdna can traverse your entire folder hierarchy and grab any piece of information it finds there, then send it to who knows where?To SMSI's server? To someone else's server?Yes of course this means that the credit cards, which are already stored unencrypted in webdna's plan text cart files and webdna database files, are potential targets of 'secret acquisition' by Smith Micro ... or worse.What could be worse?Well, possibly a disgruntled employee (or former employee) who has written portions of webdna's internal code, possibly adding his own little data grabbing snippets that deliver our customer's credit card data to his server, even without the knowledge of others at SMSI ... :(My question is not so much whether the company as a whole is honest enough to be trusted to allow this kind of internal data gathering capability to exist. Because personally I have never trusted them after they (PCS) promised me 50% of the revenues from the sales of Typhoon (which I developed with them) only to learn later that they would go back on their promises and cut me out of the deal. This illustrates a clear lack of integrity for which I have no respect whatsoever.And of course their repeated attempts to bully me into giving them my webdna.net domain when I was the first to register it and when I owned it long before they ever managed to get a trademark on the webdna character string, that is yet another unethical behavior by a company who seems to think we own them our trust.But regardless of these issue which I have personally had with PCS/SMSI over the years, I cannot help wondering just how many truly trustworthy people actually worked on webdna's engine code?Or how many not-so-trustworthy people may have had an opportunity to slip in their own versions of a 'secret data grabbing' feature that is completely unknown to the SMSI management???My feeling, based partially on my own experiences in dealing with this company and its predecessor, is that SMSI could easily have treated their own people with the same kind of disrespect they have shown me over the years. And this kind of treatment can cause really some people to feel, shall we say, less than happy about SMSI's treatment of them -- and possibly even vengeful.It wouldn't take much tweaking in the engine code by someone who doesn't like the fact that he didn't get his promised raise last year to create a very serious threat to the security of any site running any version of WebDNA with this code in it.Because of these issues, I feel that there is no possible way that SMSI will ever convince me that they can be trusted. I have personally had far too many bad experiences with them. It is only their word that we have to rely on, and that's what I continue to find unbelievable.I mean, does *anyone* really believe that they were NOT trying to sneak this feature into the software?I'm sorry but I simply do not believe that when this kind of 'feature' is added to software that never used to be able to do such a thing, it is a BIG DEAL! And if the company were truly an ethical company it would make every effort to report and explain this new feature immediately, in CAPITAL LETTERS, so everyone would be able to rest assured that they were not trying to hide it.Correct me if I'm wrong here, but I don't think that this is what SMSI did ... :( -- Sincerely, Kenneth Grome ------------------------------------------------------------- My programmers will write WebDNA code for you at $27 an hour! -------------------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[if] and [showif] (2002) How to search dbs across virtual hosts for same domain? (2003) WebCatalog for guestbook ? (1997) ShowNext for method=POST (1997) [protect admin] (1997) WebCat2 Append problem (B14Macacgi) (1997) Separate SSL Server (1997) FYI-AuthorizeNet-possible downtime (2001) Root Folder problems cont. (1998) Formating found categories (1997) [format 40s]text[/format] doesn't work (1997) Lost Field (1998) Summing fields (1997) Different coloured rows for [FoundItems] (2000) Fwd: Handling Charges (1999) Subtotal Not Calculated on Invoice.html (1998) WebCat2 - [include] tags (1997) Stuck - Figured out?? (2003) Bug Report, maybe (1997) .html processing? (1998)