Re: Where is the secure setting for text variables?
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 54722
interpreted = N
texte =

Alex,

Thanks for the idea. I have done something more basic than that where the number didn't change as often. The umm.. 'person' attacking my server has figured out part of what I am doing to block him. What he doesn't know is I am doing other checks to thwart him and re-direct all suspect submissions to me.

I will look into adding what you suggest.

Thanks!

Dale

On Dec 6, 2003, at 9:26 AM, Alex McCombie wrote:

> On 12/6/03 2:22 AM, "CN Stuff" wrote:
>
>> I was thinking I could pass something from the previous page that was
>> required on the posted page I could somehow thwart this loser. I guess
>> I will just go with the referrer.
>>
>> Thanks
>>
>> Dale
>
> Dale if you really want to stop this try this logic.
>
> On the submittal page, have a search tag that searches a key database.
> The database is simple..
>
> One field
> SKU KEY
> 1 23456787654
>
> That's it. The number is random.
>
> Set a trigger to be called say every 30 minutes or so that just calls a page
> that simply does 2 things:
>
> replaces sku record 1 with a random number.
>
> Then replaces a key.inc that sits in globals or somewhere standard for you
> with the same number.
>
> Then on the form page the inc file is inserted into a variable and on the
> submittal the search string simply checks the key db against the value of
> the key.inc
>
> Voila, randomly rotating key number that updates itself automatically.
>
> There is a very small chance that someone who got the form before the number
> changed when submitting it would get a mismatched number.
>
> This is easily resolved, if you're really concerned about it, by simply
> using 2 numbers in the key.db.
>
> The 1 sku is the new number, and the 2 sku is the 1 sku moved down as number
> one is changed. This guarantees you will never get mismatched failure and it
> is pretty much as simple and secure.
>
> HTH
> Alex

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
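
The two-slot rotating key Alex describes, sketched in Python as an added example (not code from the thread, and not WebDNA). The class and function names are hypothetical, an in-memory object stands in for key.db and key.inc, and explicit `rotate()` calls stand in for the 30-minute trigger.

```python
import hmac
import secrets


class RotatingFormKey:
    """Two-slot key store: slot 1 is the current key, slot 2 the one it replaced."""

    def __init__(self):
        self.current = self._new_key()   # "sku 1" in the post
        self.previous = None             # "sku 2" in the post

    @staticmethod
    def _new_key():
        # Assumption: the post only says "random"; here the OS CSPRNG is used
        # so the next key cannot be predicted from earlier ones.
        return secrets.token_hex(16)

    def rotate(self):
        """Run by the timer: move the current key down a slot, then replace it."""
        self.previous = self.current
        self.current = self._new_key()

    def form_value(self):
        """Value the form page embeds (the role key.inc plays in the post)."""
        return self.current

    def is_valid(self, submitted):
        """Accept the current key or the previous one; reject everything else."""
        if not isinstance(submitted, str) or not submitted:
            return False
        ok = False
        for key in (self.current, self.previous):
            if key is not None:
                # Constant-time comparison; check both slots without short-circuiting.
                ok |= hmac.compare_digest(submitted.encode(), key.encode())
        return ok


def demo():
    store = RotatingFormKey()
    served = store.form_value()                      # visitor loads the form
    results = {"fresh": store.is_valid(served)}
    store.rotate()                                   # timer fires before submit
    results["one_rotation_old"] = store.is_valid(served)
    store.rotate()                                   # second rotation: out of the window
    results["two_rotations_old"] = store.is_valid(served)
    results["missing"] = store.is_valid("")
    results["wrong"] = store.is_valid("23456787654")  # constructed sample value
    return results


if __name__ == "__main__":
    print(demo())
```

The key is shared by every visitor and is present in the served form, so this check only rejects submissions that were not preceded by a fetch of the form within the last two rotation periods; it works alongside other checks rather than replacing them.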