Re: hmmm
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67324
interpreted = N
texte = Here's what I'm using:

RewriteEngine On
RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC]
RewriteRule ^.*$ - [F]

On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote:

> Yikes. Any chance you can post the rewriterule for us?
>
> Thanks,
> Bill
>
>
> -----Original Message-----
> From: Jesse Proudman
> Sent: Tue, 30 May 2006 12:18:11 -0700
> To: "WebDNA Talk"
> Subject: Re: hmmm
>
> [This was reported to SM a week or two ago]
>
> On a security note...
>
> http://www.smithmicro.com/?text=&!=&math
>
> I solved this on my servers using Mod Rewrite, but everyone may want
> to do something to block it on their boxes. Make sure you don't
> store sensitive information (Authorize.net username / passwords, etc)
> in text vars until you've got it patched.
>
>
> On May 30, 2006, at 11:38 AM, WJ Starck wrote:
>
>> Indeed.
>>
>> What else can ya say, in a day and age where security and
>> extensibility are at the forefront of many an admin's mind?
>>
>> R.I.P. beloved WebDNA...
>
> --
>
> Jesse Proudman
> Blue Box Group, LLC
>
> p. +1.800.613.4305 x801
> e. jesse@blueboxgrp.com
>
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com
>
> Web Archive of this list is at: http://webdna.smithmicro.com/

--
Jesse Proudman
Blue Box Group, LLC
p. +1.800.613.4305 x801
e. jesse@blueboxgrp.com
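A way to check what the posted conditions match before deploying them, as an added example that is not part of the original message. It evaluates the five RewriteCond patterns in Python against constructed query strings, next to a hypothetical variant (an assumption, not from the post) that only matches a name at a parameter boundary, so collateral 403s on legitimate parameters such as `context=` become visible.

```python
import re

# The five RewriteCond patterns exactly as posted; [NC] maps to IGNORECASE.
POSTED = [
    r"^.*text=.*$",
    r"^.*include=.*$",
    r"^.*setheader=.*$",
    r"^.*math=.*$",
    r"^.*!=.*$",
]

# Hypothetical tighter variant (not from the post): the name must begin at a
# parameter boundary, i.e. the start of the query string or right after '&'.
NAMES = ["text", "include", "setheader", "math", "!"]
ANCHORED = [r"(?:^|&)" + re.escape(name) + r"=" for name in NAMES]


def forbidden(query_string, patterns=POSTED):
    """True if any pattern matches, i.e. the OR-chained conditions would
    fire 'RewriteRule ^.*$ - [F]' and the request would get a 403."""
    return any(re.search(p, query_string, re.IGNORECASE) for p in patterns)


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "id=42&page=2",               # ordinary request
    "TEXT=hello",                 # blocked name, upper case
    "sku=15&include=header.inc",  # blocked name after '&'
    "a=b&!=x",                    # '!' used as a parameter name
    "context=order",              # legitimate name that contains 'text='
    "q=2&aftermath=1",            # legitimate name that contains 'math='
    "filter=a!=b",                # '!=' inside a value
]


def audit(samples=SAMPLES):
    """Return (query, blocked_by_posted, blocked_by_anchored) per sample."""
    return [(qs, forbidden(qs, POSTED), forbidden(qs, ANCHORED))
            for qs in samples]


if __name__ == "__main__":
    for qs, posted, anchored in audit():
        print(f"{qs:28} posted={posted!s:5} anchored={anchored}")
```

Rows where the two columns differ are requests the posted rules reject only because a blocked name appears as a substring; whether that trade-off is acceptable depends on the parameter names a site actually uses.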
Associated Messages, from the most recent to the oldest:
Jesse Proudman