Re: hmmm
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67359
interpreted = N
texte = Does POST vs. GET really matter if we are talking about malicious users? I can ensure I never generate a link that has the name of a paired context, but what if a user gets wise?

Also, has someone checked if a named function breaks (or not since that is not paired)?

Thanks,
Bill

-----Original Message-----
From: John Peacock
Sent: Wed, 31 May 2006 13:08:44 -0400
To: "WebDNA Talk"
Subject: Re: hmmm

Jesse Proudman wrote:
> > It's a _huge_ security concern.

I've confirmed through testing with the "Examples" page that any paired context ([context]something[/context]) can be broken by passing a null value as a URL value. If you use exclusively POST and not GET pages, you may be immune from this behavior (but it depends on your web server, since some will happily pass along URL parameters even to a POST).

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
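An added example, not part of the original messages and not WebDNA's own code: a request pre-filter that flags URL query parameters whose names collide with paired-context names, checked regardless of HTTP method because, as John notes, some servers pass URL parameters along even to a POST. The context-name list, function names and sample URLs are assumptions constructed for illustration, and "null value" is taken here to mean an empty value.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: paired-context names used by the site's templates (constructed list).
PAIRED_CONTEXT_NAMES = frozenset({"search", "founditems", "showif", "hideif", "loop"})


def colliding_url_params(url, reserved=PAIRED_CONTEXT_NAMES):
    """Return (name, value) pairs in the URL query string whose name matches a reserved name."""
    query = urlsplit(url).query
    # keep_blank_values=True matters: by default parse_qsl silently drops
    # "name=" and bare "name", the empty-valued parameters this check targets.
    pairs = parse_qsl(query, keep_blank_values=True)
    return [(n, v) for n, v in pairs if n.strip().lower() in reserved]


def screen_request(method, url, reserved=PAIRED_CONTEXT_NAMES):
    """Screen a request before it reaches the template engine.

    The verdict never depends on the method: a POST can still carry a
    query string, so only the URL is inspected.
    """
    hits = colliding_url_params(url, reserved)
    return {
        "method": method.upper(),
        "allow": not hits,
        "hits": hits,
        "empty_value_hits": [n for n, v in hits if v == ""],
    }


if __name__ == "__main__":
    # Constructed sample requests (hypothetical paths and parameters).
    samples = [
        ("GET", "/examples.tpl?search="),
        ("POST", "/order.tpl?LOOP&item=42"),
        ("POST", "/order.tpl"),
        ("GET", "/catalog.tpl?q=shoes"),
    ]
    for method, url in samples:
        verdict = screen_request(method, url)
        print(method, url, "->", "allow" if verdict["allow"] else "reject", verdict["hits"])
```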
devaulw@onebox.com