Re: hmmm
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67406
interpreted = N
texte = Does the mod_rewrite fix take care of the issue that John describes below?

Thanks,
-Dan

"I've confirmed through testing with the "Examples" page that any paired context ([context]something[/context]) can be broken by passing a null value as a URL value. If you use exclusively POST and not GET pages, you may be immune from this behavior (but it depends on your web server, since some will happily pass along URL parameters even to a POST)."
-- John Peacock

On Wed, 07 Jun 2006 09:21:59 -0500 Clint Davis wrote:
> I went with Jesse's Apache mod_rewrite fix. Prevents trouble with any/all
> virtual hosts.
>
>
> On 6/6/06 11:58 PM, "Dan Strong" wrote:
>
>> Any word from SMSI on a fix for this?
>> -Dan
>>
>> On Sat, 03 Jun 2006 20:55:21 -0700
>> "Dan Strong" wrote:
>>> Yowza.
>>> -Dan
>>>
>>> On Tue, 30 May 2006 12:18:11 -0700
>>> Jesse Proudman wrote:
>>>> [This was reported to SM a week or two ago]
>>>>
>>>> On a security note...
>>>>
>>>> http://www.smithmicro.com/?text=&!=&math=
>>>>
>>>> I solved this on my servers using Mod Rewrite, but everyone may want to do
>>>> something to block it on their boxes. Make sure you don't store sensitive
>>>> information (Authorize.net username / passwords, etc) in text vars until
>>>> you've got it patched.
>>>>
>>>>
>>>> On May 30, 2006, at 11:38 AM, WJ Starck wrote:
>>>>
>>>>> Indeed.
>>>>>
>>>>> What else can ya say, in a day and age where security and
>>>>> extensibility are at the forefront of many an admin's mind?
>>>>>
>>>>> R.I.P. beloved WebDNA...
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
> Web Archive of this list is at: http://webdna.smithmicro.com/
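
An added example, not part of the thread and not Jesse's mod_rewrite rule (which the thread does not show): a Python access-log check for the request shape in the URL above, that is, query parameters named after WebDNA contexts and sent with an empty value. The watched names are taken from that URL; the log lines, addresses and template names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: names taken from the example URL in the thread. Extend the set
# with the paired contexts your own templates use.
WATCHED_NAMES = frozenset({"text", "math", "!"})

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (addresses and template names are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jun/2006:09:21:59 -0500] "GET /?text=&!=&math= HTTP/1.1" 200 5120',
    '192.0.2.11 - - [07/Jun/2006:09:22:03 -0500] "POST /order.tpl?math= HTTP/1.1" 200 812',
    '192.0.2.12 - - [07/Jun/2006:09:22:10 -0500] "GET /search.tpl?text=widgets&page= HTTP/1.1" 200 2048',
]

def empty_context_params(target, watched=WATCHED_NAMES):
    """Watched parameter names that arrive with an empty value in the query string."""
    hits = []
    query = urlsplit(target).query
    # keep_blank_values=True is essential: the default silently drops "name=".
    for name, value in parse_qsl(query, keep_blank_values=True):
        name = name.lower()
        if value == "" and name in watched and name not in hits:
            hits.append(name)
    return hits

def scan(lines, watched=WATCHED_NAMES):
    """Return (method, target, names) for each request worth reviewing.

    The HTTP method is reported but not used as a filter, because a POST can
    still carry URL parameters, as John's note points out.
    """
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        names = empty_context_params(match.group("target"), watched)
        if names:
            findings.append((match.group("method"), match.group("target"), names))
    return findings

if __name__ == "__main__":
    for method, target, names in scan(SAMPLE_LOG):
        print(method, target, "empty:", ",".join(names))
```

Percent-encoded names are decoded before matching, so `%21=` is reported as `!`.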
Associated Messages, from the most recent to the oldest:
"Dan Strong"