Re: encrypting without "ugly" URLs
This WebDNA talk-list message is from 2005
It keeps the original formatting.
numero = 60842
interpreted = N
texte = Joe D'Andrea wrote:> Can anyone verify that method=apop or method=base64 will always yield ascii strings?Yes, but base64 is not encrypted, rather it is encoded, and anyone with half a brain can decode the data. Although the WebDNA docs describe APOP as "the MD5 encryption used by email servers that support APOP authentication" APOP is a challenge/response negotiation scheme that originally never used encryption at all. Strictly speaking, what WebDNA provides is similar to a CRAM-MD5 digest.With that in mind, you should probably use the MD5 (apop) as opposed to the Triple-DES (Cybercash), WebDNA (default proprietary), or base64 schemes. I would also suggest that you should be using cookies and only pass the [cart] back and forth (hence you don't even need encryption since the secret data never leaves the server).HTHJohn-- John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Joe D'Andrea wrote:> Can anyone verify that method=apop or method=base64 will always yield ascii strings?Yes, but base64 is not encrypted, rather it is encoded, and anyone with half a brain can decode the data. Although the WebDNA docs describe APOP as "the MD5 encryption used by email servers that support APOP authentication" APOP is a challenge/response negotiation scheme that originally never used encryption at all. Strictly speaking, what WebDNA provides is similar to a CRAM-MD5 digest.With that in mind, you should probably use the MD5 (apop) as opposed to the Triple-DES (Cybercash), WebDNA (default proprietary), or base64 schemes. I would also suggest that you should be using cookies and only pass the [cart] back and forth (hence you don't even need encryption since the secret data never leaves the server).HTHJohn-- John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
John Peacock
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
unable to run webcatalog locally (1998)
[WebDNA] Copy database from domain 1 to domain 2 (2010)
MATH TIME (1997)
Multiple Merchant Accounts? (1997)
Getting Total Quantity (1997)
Re:PCS Customer submissions ? (1997)
Full text search (1999)
New Site Announcement (1998)
WebCat2b12 CGI Mac - [shownext] problem (1997)
[INCLUDE] Limitations (1998)
categorys (1998)
security problem (1997)
Form Variables (2000)
Multiple fields on 1 input (1997)
Frames and WebCat (1997)
Artwork (1997)
WebCatalog for guestbook ? (1997)
searching illegal HTML (2002)
Next X hits (1996)
simple [convertChars] Q (2000)