Re: encrypting without "ugly" URLs

This WebDNA talk-list message is from 2005.


Joe D'Andrea wrote:

> Can anyone verify that method=apop or method=base64 will always yield ascii strings?

Yes, but base64 is not encrypted, rather it is encoded, and anyone with half a brain can decode the data.

Although the WebDNA docs describe APOP as "the MD5 encryption used by email servers that support APOP authentication", APOP is a challenge/response negotiation scheme that originally never used encryption at all. Strictly speaking, what WebDNA provides is similar to a CRAM-MD5 digest.

With that in mind, you should probably use the MD5 (apop) as opposed to the Triple-DES (Cybercash), WebDNA (default proprietary), or base64 schemes.

I would also suggest that you should be using cookies and only pass the [cart] back and forth (hence you don't even need encryption since the secret data never leaves the server).

HTH

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747

Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypting without "ugly" URLs ( John Peacock 2005)
  2. Re: encrypting without "ugly" URLs ( Joe D'Andrea 2005)
  3. Re: encrypting without "ugly" URLs ( John Peacock 2005)
  4. Re: encrypting without "ugly" URLs ( John Peacock 2005)
  5. encrypting without "ugly" URLs ( Joe D'Andrea 2005)
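The three options the reply compares, as an added Python example that is not part of the original message and does not reproduce WebDNA's own [encrypt] implementation: base64 is reversible by anyone, an APOP digest as defined in RFC 1939 is one-way, and a server-side store hands the browser only an opaque id. The function names, the `CartStore` class and the sample values are hypothetical.

```python
import base64
import hashlib
import secrets


def b64_param(value: str) -> str:
    """base64 is an encoding: pure-ASCII output, but no key is involved."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def b64_recover(param: str) -> str:
    """Anyone who can read the URL can reverse the encoding."""
    return base64.b64decode(param).decode("utf-8")


def apop_digest(challenge: str, secret: str) -> str:
    """RFC 1939 APOP digest: hex MD5 of the server challenge + shared secret.

    One-way: the result can be compared, never turned back into the input.
    """
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


class CartStore:
    """Server-side store: only an opaque random id ever reaches the browser."""

    def __init__(self) -> None:
        self._carts = {}

    def new_cart(self, secret_fields: dict) -> str:
        cart_id = secrets.token_urlsafe(16)  # unguessable, URL-safe ASCII
        self._carts[cart_id] = dict(secret_fields)
        return cart_id

    def lookup(self, cart_id: str):
        # Unknown or tampered ids resolve to nothing instead of leaking data.
        return self._carts.get(cart_id)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    param = b64_param("discount=40")
    print(param, "->", b64_recover(param))
    print(apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf"))
    store = CartStore()
    cid = store.new_cart({"discount": 40})
    print(cid, store.lookup(cid), store.lookup(cid + "x"))
```

The challenge and secret passed to `apop_digest` in the demo are the worked example from RFC 1939 itself.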
