Re: Where is the secure setting for text variables?

This WebDNA talk-list message is from 2003. It keeps the original formatting.
numero = 54722
interpreted = N
texte = Alex,

Thanks for the idea. I have done something more basic than that where the number didn't change as often. The umm.. 'person' attacking my server has figured out part of what I am doing to block him. What he doesn't know is I am doing other checks to thwart him and re-direct all suspect submissions to me.

I will look into adding what you suggest.

Thanks!

Dale

On Dec 6, 2003, at 9:26 AM, Alex McCombie wrote:

> On 12/6/03 2:22 AM, "CN Stuff" wrote:
>
>> I was thinking I could pass something from the previous page that was
>> required on the posted page I could somehow thwart this loser. I guess
>> I will just go with the referrer.
>>
>> Thanks
>>
>> Dale
>
> Dale if you really want to stop this try this logic.
>
> On the submittal page, have a search tag that searches a key database.
> The database is simple..
>
> One field
> SKU KEY
> 1 23456787654
>
> That's it. The number is random.
>
> Set a trigger to be called say every 30 minutes or so that just calls a page
> that simply does 2 things:
>
> replaces sku record 1 with a random number.
>
> Then replaces a key.inc that sits in globals or somewhere standard for you
> with the same number.
>
> Then on the form page the inc file is inserted into a variable and on the
> submittal the search string simply checks the key db against the value of
> the key.inc
>
> Voilà, randomly rotating key number that updates itself automatically.
>
> There is a very small chance that someone who got the form before the number
> changed when submitting it would get a mismatched number.
>
> This is easily resolved, if you're really concerned about it, by simply
> using 2 numbers in the key.db.
>
> The 1 sku is the new number, and the 2 sku is the 1 sku moved down as number
> one is changed. This guarantees you will never get mismatched failure and it
> is pretty much as simple and secure.
>
> HTH
> Alex

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Where is the secure setting for text variables? ( "Dan Strong" 2003)
  2. Re: Where is the secure setting for text variables? ( CN Stuff 2003)
  3. Re: Where is the secure setting for text variables? ( Donovan Brooke 2003)
  4. Re: Where is the secure setting for text variables? ( Donovan Brooke 2003)
  5. Re: Where is the secure setting for text variables? ( John Peacock 2003)
  6. Re: Where is the secure setting for text variables? ( Glenn Busbin 2003)
  7. Re: Where is the secure setting for text variables? ( Brian Fries 2003)
  8. Re: Where is the secure setting for text variables? ( "Dan Strong" 2003)
  9. Re: Where is the secure setting for text variables? ( Alex McCombie 2003)
  10. Re: Where is the secure setting for text variables? ( Terry Wilson 2003)
  11. Re: Where is the secure setting for text variables? ( CN Stuff 2003)
  12. Re: Where is the secure setting for text variables? ( "Dan Strong" 2003)
  13. Re: Where is the secure setting for text variables? ( Jesse Proudman 2003)
  14. Where is the secure setting for text variables? ( CN Stuff 2003)
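The two-key rotation Alex describes in the message above, sketched in Python as an added example (not code from the thread and not WebDNA). The class and method names are hypothetical, an in-memory object stands in for key.db and key.inc, and the key is drawn from a CSPRNG and compared in constant time, which goes beyond what the message specifies.

```python
import hmac
import secrets


class RotatingFormKey:
    """Two-slot key store: slot 1 is the current key, slot 2 the previous one."""

    def __init__(self):
        self.current = secrets.token_hex(16)  # "sku 1" in the message
        self.previous = None                  # "sku 2"; empty until first rotation

    def rotate(self):
        """Run from a scheduled trigger (every 30 minutes in the message)."""
        self.previous = self.current          # move sku 1 down to sku 2
        self.current = secrets.token_hex(16)  # new random sku 1

    def issue(self):
        """Value the form page embeds as a hidden field."""
        return self.current

    def check(self, submitted):
        """Accept the current or the previous key; reject anything else."""
        if not isinstance(submitted, str) or not submitted:
            return False
        candidate = submitted.encode("utf-8", "replace")
        ok = False
        for key in (self.current, self.previous):
            # compare_digest avoids leaking how many leading bytes matched
            if key is not None and hmac.compare_digest(candidate, key.encode()):
                ok = True
        return ok


def demo():
    """Constructed walk-through: one form load, then several submissions."""
    store = RotatingFormKey()
    form_key = store.issue()                  # visitor loads the form
    results = {"same_period": store.check(form_key)}
    store.rotate()                            # trigger fires while the form is open
    results["after_one_rotation"] = store.check(form_key)
    store.rotate()                            # form is now two periods old
    results["after_two_rotations"] = store.check(form_key)
    results["missing_key"] = store.check("")
    results["guessed_key"] = store.check("23456787654")  # sample value from the message
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Because one key is shared by every visitor and embedded in the form page, a passing check only shows that the form page was loaded within the last two rotation periods.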
