Re: hmmm
This WebDNA talk-list message is from 2006
Those are not the only ones to look out for.

These need to be looked for also:

search
delete
replace
function
tcpconnect
showcart
if
showif
then
else
....

The list goes on.

Does anyone know if SM is going to patch this one?

Jesse Proudman wrote:
> Here's what I'm using:
>
> RewriteEngine On
> RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC]
> RewriteRule ^.*$ - [F]
>
>
> On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote:
>
>> Yikes. Any chance you can post the RewriteRule for us?
>>
>> Thanks,
>> Bill
>>
>>
>> -----Original Message-----
>> From: Jesse Proudman
>> Sent: Tue, 30 May 2006 12:18:11 -0700
>> To: "WebDNA Talk"
>> Subject: Re: hmmm
>>
>> [This was reported to SM a week or two ago]
>>
>> On a security note...
>>
>> http://www.smithmicro.com/?text=&!=&math
>>
>> I solved this on my servers using Mod Rewrite, but everyone may want
>> to do something to block it on their boxes. Make sure you don't
>> store sensitive information (Authorize.net username / passwords, etc.)
>> in text vars until you've got it patched.
>>
>>
>> On May 30, 2006, at 11:38 AM, WJ Starck wrote:
>>
>>> Indeed.
>>>
>>> What else can ya say, in a day and age where security and
>>> extensibility are at the forefront of many an admin's mind?
>>>
>>> R.I.P. beloved WebDNA...
>>
>> --
>>
>> Jesse Proudman
>> Blue Box Group, LLC
>>
>> p. +1.800.613.4305 x801
>> e. jesse@blueboxgrp.com
>>
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>>
>> Web Archive of this list is at: http://webdna.smithmicro.com/
>
> --
> Jesse Proudman
> Blue Box Group, LLC
>
> p. +1.800.613.4305 x801
> e. jesse@blueboxgrp.com
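The RewriteCond lines above match the raw query string as a substring, which has two consequences worth checking before copying them: "text=" also matches a harmless parameter such as "context=", and because mod_rewrite compares %{QUERY_STRING} before percent-decoding, a name written as "%74ext=" is not matched even though it decodes to "text". The rules also only see the URL query, not POST bodies. The script below is an added illustration, not code from the thread or from Smith Micro: it reproduces the posted patterns as naive_block(), and beside them a hardened_block() that decodes each parameter name and matches it as a whole name against a denylist assembled from the tags named in this thread. It assumes, as a hypothetical, that the application decodes parameter names in the usual CGI way before interpreting them; the sample query strings are constructed, the first one being the URL posted above.

```python
"""Compare the thread's substring-style query-string block list with a
whole-parameter-name match. Hypothetical illustration only; this is not
WebDNA, Apache or vendor code."""
import re
from urllib.parse import parse_qsl

# Tag names the thread says to block: the five from Jesse's rule plus the
# additions in Eric's reply. Denylist assembled here for illustration.
BLOCKED_NAMES = frozenset({
    "text", "include", "setheader", "math", "!",
    "search", "delete", "replace", "function", "tcpconnect",
    "showcart", "if", "showif", "then", "else",
})

# The posted RewriteCond patterns as Python regexes. mod_rewrite matches
# %{QUERY_STRING} raw (not percent-decoded), which this reproduces.
NAIVE_PATTERNS = tuple(
    re.compile(pattern, re.IGNORECASE)
    for pattern in (r"text=", r"include=", r"setheader=", r"math=", r"!=")
)


def naive_block(query_string: str) -> bool:
    """Substring match on the raw query string, like the posted RewriteCond lines."""
    return any(p.search(query_string) for p in NAIVE_PATTERNS)


def hardened_block(query_string: str) -> bool:
    """Decode each parameter name and match it as a whole against the denylist.

    Decoding first means %74ext= is seen as text=; whole-name matching means
    context= is not mistaken for text=. keep_blank_values=True keeps 'math'
    (no '=') and 'text=' (empty value), both of which the posted URL uses.
    Assumes the application decodes names the same way (standard CGI).
    """
    for name, _value in parse_qsl(query_string, keep_blank_values=True):
        if name.lower() in BLOCKED_NAMES:
            return True
    return False


def compare(query_string: str) -> dict:
    """Return both verdicts so the differences can be inspected side by side."""
    return {
        "query": query_string,
        "naive": naive_block(query_string),
        "hardened": hardened_block(query_string),
    }


if __name__ == "__main__":
    # Constructed sample query strings; the first is the one posted in the thread.
    samples = [
        "text=&!=&math",      # posted URL: both filters block it
        "context=help",       # legitimate parameter: naive rule blocks it by mistake
        "%74ext=",            # percent-encoded name: naive rule misses it
        "math",               # bare name, no '=': the naive 'math=' pattern misses it
        "page=2&sort=name",   # benign: neither blocks
    ]
    for qs in samples:
        print(compare(qs))
```

Whichever form you deploy, a query-string denylist is a stopgap in front of the web server; the tag list in Eric's reply shows why a denylist keeps growing, so treat it as cover until the application itself is patched.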
Eric king