Re: hmmm
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67325
interpreted = N
texte = Those are not the only ones to look out for.
These need to be looked for also:

search
delete
replace
function
tcpconnect
showcart
if
showif
then
else
....

The list goes on.

Does anyone know if SM is going to patch this one?

Jesse Proudman wrote:
> Here's what I'm using:
>
> RewriteEngine On
> RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR]
> RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC]
> RewriteRule ^.*$ - [F]
>
>
> On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote:
>
>> Yikes. Any chance you can post the rewriterule for us?
>>
>> Thanks,
>> Bill
>>
>>
>> -----Original Message-----
>> From: Jesse Proudman
>> Sent: Tue, 30 May 2006 12:18:11 -0700
>> To: "WebDNA Talk"
>> Subject: Re: hmmm
>>
>> [This was reported to SM a week or two ago]
>>
>> On a security note...
>>
>> http://www.smithmicro.com/?text=&!=&math
>>
>> I solved this on my servers using Mod Rewrite, but everyone may want
>> to do something to block it on their boxes. Make sure you don't
>> store sensitive information (Authorize.net username / passwords, etc)
>> in text vars until you've got it patched.
>>
>>
>> On May 30, 2006, at 11:38 AM, WJ Starck wrote:
>>
>>> Indeed.
>>>
>>> What else can ya say, in a day and age where security and
>>> extensibility are at the forefront of many an admin's mind?
>>>
>>> R.I.P. beloved WebDNA...
>>
>> --
>> Jesse Proudman
>> Blue Box Group, LLC
>>
>> p. +1.800.613.4305 x801
>> e. jesse@blueboxgrp.com
>
> --
> Jesse Proudman
> Blue Box Group, LLC
>
> p. +1.800.613.4305 x801
> e. jesse@blueboxgrp.com

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list.
Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Eric king
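Added example, not part of the original thread: a Python model of the posted RewriteCond chain, for checking which of your own site's query strings it would reject before deploying it, first with the posted names and then with the names from the reply added. The whole-parameter-name variant, the helper names and every sample query string except the one quoted in the thread are assumptions constructed here.

```python
import re

# Names from the rules posted in the thread, then the ones added in the reply.
POSTED = ["text", "include", "setheader", "math", "!"]
EXTRA = ["search", "delete", "replace", "function", "tcpconnect",
         "showcart", "if", "showif", "then", "else"]

def substring_blocks(query, names):
    """Model the posted chain: RewriteCond %{QUERY_STRING} ^.*NAME=.*$ [NC,OR]."""
    return any(re.search(r"^.*" + re.escape(n) + r"=.*$", query, re.IGNORECASE)
               for n in names)

def bounded_pattern(names):
    """Assumed tighter variant: NAME must be a whole parameter name."""
    alternation = "|".join(re.escape(n) for n in names)
    return r"(?:^|&)(?:" + alternation + r")(?:=|&|$)"

def bounded_blocks(query, names):
    return re.search(bounded_pattern(names), query, re.IGNORECASE) is not None

def render_rules(names):
    """Emit the bounded variant as mod_rewrite directives (one condition)."""
    return "\n".join([
        "RewriteEngine On",
        "RewriteCond %{QUERY_STRING} " + bounded_pattern(names) + " [NC]",
        "RewriteRule ^.*$ - [F]",
    ])

# Constructed sample query strings; the first is the one quoted in the thread.
SAMPLES = ["text=&!=&math", "MATH=1", "page=2&sort=price",
           "context=news", "gif=1", "search=shoes"]

def report(samples=SAMPLES):
    """Per sample: (posted rules, posted + reply names, bounded variant)."""
    everything = POSTED + EXTRA
    return {q: (substring_blocks(q, POSTED),
                substring_blocks(q, everything),
                bounded_blocks(q, everything)) for q in samples}

if __name__ == "__main__":
    for query, verdicts in report().items():
        print(f"{query:20} posted={verdicts[0]} extended={verdicts[1]} bounded={verdicts[2]}")
    print(render_rules(POSTED + EXTRA))
```

The `context=news` and `gif=1` rows show the substring form rejecting unrelated parameters, and `search=shoes` shows that adding the reply's names will also reject an ordinary site-search parameter, so run the site's real URLs through the check first.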