Re: Orderfile Encryption
This WebDNA talk-list message is from 2007
It keeps the original formatting.
numero = 69048
Clint Davis wrote:
> The double [url] was discussed at some point on the list. I thought it was
> required. I'll try with the single [url] and see what happens.

The double [url] is required because [encrypt] can include some high ASCII characters that are not escaped properly with a single [url] (whether that is a bug or not is up for discussion). A single [unurl] is required when reading the data back out, because WebDNA implicitly has an [unurl] for any header field.

As for encrypting the contents of the AccountNum field, I don't think that is possible; WebDNA has special handling for that field (checksum, et al) that may limit the effective size of the field (though it isn't mentioned in the docs that I can see). I would use the AC (Account) PayMethod and store the encrypted CC number in one of the Text[A-Z] fields instead. It may be that if you use AC for PayMethod, you can then stuff the encrypted CC in the AccountNum field.

However, be aware that anyone with physical access to your server (which is what is required to read the order files), would have access to your templates as well (unless you encrypt those too) and would be able to gain access to your seed value to decrypt the order files. Security is only useful if you understand both its strengths and weaknesses...

HTH

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748