Re: [WebDNA] Putting '&search' into URL killing all search contexts

This WebDNA talk-list message is from 2010. It keeps the original formatting.
numero = 105354
interpreted = N
texte = Brian,

Hi - no panic here. I just worry that the code on our sites could have been exposed and it would appear that the issue has been known about for some time at least.

It's obviously bad practice on my part but I have left things in WebDNA comments that I wouldn't want in the public domain in the belief that they would never be served out. I also use tables a lot and this problem can expose their contents.

Anyhow in the meantime I have added the following code at the top of my pre-parse script to deal with the problem. I checked using [elapsedtime] and it doesn't appear to put much if any overhead on the serving of pages.

- Tom

[formvariables name=!][redirect /][/formvariables]
[formvariables name=addfields][redirect /][/formvariables]
[formvariables name=addlineitem][redirect /][/formvariables]
[formvariables name=append][redirect /][/formvariables]
[formvariables name=appendfile][redirect /][/formvariables]
[formvariables name=applescript][redirect /][/formvariables]
[formvariables name=arrayget][redirect /][/formvariables]
[formvariables name=arrayset][redirect /][/formvariables]
[formvariables name=authenticate][redirect /][/formvariables]
[formvariables name=boldwords][redirect /][/formvariables]
[formvariables name=browsername][redirect /][/formvariables]
[formvariables name=calcfilecrc32][redirect /][/formvariables]
[formvariables name=capitalize][redirect /][/formvariables]
[formvariables name=cart][redirect /][/formvariables]
[formvariables name=case][redirect /][/formvariables]
[formvariables name=clearlineitems][redirect /][/formvariables]
[formvariables name=closedatabase][redirect /][/formvariables]
[formvariables name=command][redirect /][/formvariables]
[formvariables name=commitdatabase][redirect /][/formvariables]
[formvariables name=convertchars][redirect /][/formvariables]
[formvariables name=convertwords][redirect /][/formvariables]
[formvariables name=copyfile][redirect /][/formvariables]
[formvariables name=copyfolder][redirect /][/formvariables]
[formvariables name=countchars][redirect /][/formvariables]
[formvariables name=countwords][redirect /][/formvariables]
[formvariables name=createfolder][redirect /][/formvariables]
[formvariables name=date][redirect /][/formvariables]
[formvariables name=ddeconnect][redirect /][/formvariables]
[formvariables name=ddesend][redirect /][/formvariables]
[formvariables name=decrypt][redirect /][/formvariables]
[formvariables name=delete][redirect /][/formvariables]
[formvariables name=deletefile][redirect /][/formvariables]
[formvariables name=deletefolder][redirect /][/formvariables]
[formvariables name=dos][redirect /][/formvariables]
[formvariables name=elapsedtime][redirect /][/formvariables]
[formvariables name=else][redirect /][/formvariables]
[formvariables name=encrypt][redirect /][/formvariables]
[formvariables name=exclusivelock][redirect /][/formvariables]
[formvariables name=filecompare][redirect /][/formvariables]
[formvariables name=fileinfo][redirect /][/formvariables]
[formvariables name=findstring][redirect /][/formvariables]
[formvariables name=flushcache][redirect /][/formvariables]
[formvariables name=flushdatabases][redirect /][/formvariables]
[formvariables name=format][redirect /][/formvariables]
[formvariables name=format][redirect /][/formvariables]
[formvariables name=formvariables][redirect /][/formvariables]
[formvariables name=founditems][redirect /][/formvariables]
[formvariables name=freememory][redirect /][/formvariables]
[formvariables name=function][redirect /][/formvariables]
[formvariables name=getchars][redirect /][/formvariables]
[formvariables name=getcookie][redirect /][/formvariables]
[formvariables name=getmimeheader][redirect /][/formvariables]
[formvariables name=grep][redirect /][/formvariables]
[formvariables name=hideif][redirect /][/formvariables]
[formvariables name=html1][redirect /][/formvariables]
[formvariables name=html2][redirect /][/formvariables]
[formvariables name=html3][redirect /][/formvariables]
[formvariables name=httpmethod][redirect /][/formvariables]
[formvariables name=if][redirect /][/formvariables]
[formvariables name=include][redirect /][/formvariables]
[formvariables name=input][redirect /][/formvariables]
[formvariables name=interpret][redirect /][/formvariables]
[formvariables name=ipaddress][redirect /][/formvariables]
[formvariables name=issecureclient][redirect /][/formvariables]
[formvariables name=lastautonumner][redirect /][/formvariables]
[formvariables name=lastrandom][redirect /][/formvariables]
[formvariables name=lineitems][redirect /][/formvariables]
[formvariables name=listchars][redirect /][/formvariables]
[formvariables name=listcookies][redirect /][/formvariables]
[formvariables name=listdatabases][redirect /][/formvariables]
[formvariables name=listfields][redirect /][/formvariables]
[formvariables name=listfiles][redirect /][/formvariables]
[formvariables name=listmimeheaders][redirect /][/formvariables]
[formvariables name=listpath][redirect /][/formvariables]
[formvariables name=listvariables][redirect /][/formvariables]
[formvariables name=listwords][redirect /][/formvariables]
[formvariables name=lookup][redirect /][/formvariables]
[formvariables name=lookup][redirect /][/formvariables]
[formvariables name=loop][redirect /][/formvariables]
[formvariables name=lowercase][redirect /][/formvariables]
[formvariables name=math][redirect /][/formvariables]
[formvariables name=middle][redirect /][/formvariables]
[formvariables name=movefile][redirect /][/formvariables]
[formvariables name=object][redirect /][/formvariables]
[formvariables name=orderfile][redirect /][/formvariables]
[formvariables name=password][redirect /][/formvariables]
[formvariables name=platform][redirect /][/formvariables]
[formvariables name=product][redirect /][/formvariables]
[formvariables name=protect][redirect /][/formvariables]
[formvariables name=purchase][redirect /][/formvariables]
[formvariables name=random][redirect /][/formvariables]
[formvariables name=raw][redirect /][/formvariables]
[formvariables name=redirect][redirect /][/formvariables]
[formvariables name=referrer][redirect /][/formvariables]
[formvariables name=removehtml][redirect /][/formvariables]
[formvariables name=removelineitem][redirect /][/formvariables]
[formvariables name=replace][redirect /][/formvariables]
[formvariables name=replacefounditems][redirect /][/formvariables]
[formvariables name=return][redirect /][/formvariables]
[formvariables name=returnraw][redirect /][/formvariables]
[formvariables name=scope][redirect /][/formvariables]
[formvariables name=search][redirect /][/formvariables]
[formvariables name=sendmail][redirect /][/formvariables]
[formvariables name=setcookie][redirect /][/formvariables]
[formvariables name=setheader][redirect /][/formvariables]
[formvariables name=setlineitem][redirect /][/formvariables]
[formvariables name=setmimeheader][redirect /][/formvariables]
[formvariables name=shell][redirect /][/formvariables]
[formvariables name=showif][redirect /][/formvariables]
[formvariables name=shownext][redirect /][/formvariables]
[formvariables name=spawn][redirect /][/formvariables]
[formvariables name=sql][redirect /][/formvariables]
[formvariables name=sql][redirect /][/formvariables]
[formvariables name=sqlconnect][redirect /][/formvariables]
[formvariables name=sqldisconnect][redirect /][/formvariables]
[formvariables name=sqlexecute][redirect /][/formvariables]
[formvariables name=sqlinfo][redirect /][/formvariables]
[formvariables name=sqlrelease][redirect /][/formvariables]
[formvariables name=sqlresult][redirect /][/formvariables]
[formvariables name=switch][redirect /][/formvariables]
[formvariables name=table][redirect /][/formvariables]
[formvariables name=tcpconnect][redirect /][/formvariables]
[formvariables name=tcpsend][redirect /][/formvariables]
[formvariables name=text][redirect /][/formvariables]
[formvariables name=then][redirect /][/formvariables]
[formvariables name=thisurl][redirect /][/formvariables]
[formvariables name=time][redirect /][/formvariables]
[formvariables name=unurl][redirect /][/formvariables]
[formvariables name=uppercase][redirect /][/formvariables]
[formvariables name=url][redirect /][/formvariables]
[formvariables name=username][redirect /][/formvariables]
[formvariables name=validcard][redirect /][/formvariables]
[formvariables name=version][redirect /][/formvariables]
[formvariables name=version][redirect /][/formvariables]
[formvariables name=waitforfile][redirect /][/formvariables]
[formvariables name=writefile][redirect /][/formvariables]
[formvariables name=xmlnode][redirect /][/formvariables]
[formvariables name=xmlnodes][redirect /][/formvariables]
[formvariables name=xmlnodesattributes][redirect /][/formvariables]
[formvariables name=xmlparse][redirect /][/formvariables]
[formvariables name=xsl][redirect /][/formvariables]
[formvariables name=xslt][redirect /][/formvariables]
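The same kind of check as in the message above, written as an added Python example for a front-end layer that sees the request before the template engine; it is not code from the post or from WebDNA. `RESERVED_NAMES` is a subset of the posted list, the sample URLs are constructed, and case-insensitive matching and treating `;` as a separator are conservative assumptions.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Subset of the tag names from the posted list, kept short for the example;
# a deployment would carry the whole list. Stored lowercase.
RESERVED_NAMES = frozenset({
    "!", "formvariables", "if", "include", "interpret", "redirect",
    "search", "shell", "showif", "sql", "table",
})


def param_names(encoded: str) -> list[str]:
    """Return every parameter name in a urlencoded string, decoded and lowercased.

    A bare name with no "=" (the "&search" form from the thread title) is kept.
    Splitting on ";" as well as "&" is a conservative assumption: some parsers
    accept both as separators.
    """
    names = []
    for piece in re.split(r"[&;]", encoded):
        if not piece:
            continue
        raw_name = piece.split("=", 1)[0]
        # Decode before comparing so "%73earch" is seen as "search".
        names.append(unquote_plus(raw_name).strip().lower())
    return names


def blocked_names(query: str, body: str = "") -> list[str]:
    """Reserved names found in the query string or a urlencoded POST body."""
    found = param_names(query) + param_names(body)
    return sorted({name for name in found if name in RESERVED_NAMES})


def naive_blocked_names(query: str) -> list[str]:
    """Weak variant for comparison: parse_qs drops blank-valued parameters
    by default, so a bare "&search" never reaches the comparison."""
    return sorted(n.lower() for n in parse_qs(query) if n.lower() in RESERVED_NAMES)


def decide(url: str, body: str = "") -> tuple[str, str | None]:
    """Mirror the posted [redirect /]: send the client to "/" on any hit."""
    if blocked_names(urlsplit(url).query, body):
        return ("redirect", "/")
    return ("pass", None)


if __name__ == "__main__":
    # Constructed sample requests; "products.tpl" is a hypothetical template.
    for url in (
        "/products.tpl?id=5",
        "/products.tpl?id=5&search",
        "/products.tpl?id=5&%53earch=x",
        "/products.tpl?q=search&page=2",
    ):
        print(url, "->", decide(url), "naive:", naive_blocked_names(urlsplit(url).query))
```

The check compares parameter names only, so a legitimate value such as `q=search` still passes.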

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  2. Re: [WebDNA] Putting '&search' into URL killing all search (Alex McCombie 2010)
  3. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  4. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  5. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  6. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  7. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  8. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  9. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  10. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Marc Thompson 2010)
  11. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  12. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  13. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  14. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  15. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  16. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  17. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  18. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  19. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  20. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  21. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  22. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  23. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  24. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  25. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  26. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  27. RE: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Olin Lagon" 2010)
  28. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  29. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  30. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  31. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  32. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  33. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  34. [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Tom Duke 2010)
--0016e6dd98dbd839800489182de7 Content-Type: text/plain; charset=UTF-8 Brian, Hi - no panic here. I just worry that the code on our sites could have been exposed and it would appear that the issue has been known about for some time at least. It's obviously bad practice on my part but I have left things in WebDNA comments that I wouldn't want in the public domain in the belief that they would never be served out. I also use tables a lot and this problem can expose their contents. Anyhow in the meantime I have added the following code at the top of my pre-parse script to deal with the problem. I checked using [elapsedtime] and it doesn't appear to put much if any overhead on the serving of pages. - Tom [formvariables name=!][redirect /][/formvariables] [formvariables name=addfields][redirect /][/formvariables] [formvariables name=addlineitem][redirect /][/formvariables] [formvariables name=append][redirect /][/formvariables] [formvariables name=appendfile][redirect /][/formvariables] [formvariables name=applescript][redirect /][/formvariables] [formvariables name=arrayget][redirect /][/formvariables] [formvariables name=arrayset][redirect /][/formvariables] [formvariables name=authenticate][redirect /][/formvariables] [formvariables name=boldwords][redirect /][/formvariables] [formvariables name=browsername][redirect /][/formvariables] [formvariables name=calcfilecrc32][redirect /][/formvariables] [formvariables name=capitalize][redirect /][/formvariables] [formvariables name=cart][redirect /][/formvariables] [formvariables name=case][redirect /][/formvariables] [formvariables name=clearlineitems][redirect /][/formvariables] [formvariables name=closedatabase][redirect /][/formvariables] [formvariables name=command][redirect /][/formvariables] [formvariables name=commitdatabase][redirect /][/formvariables] [formvariables name=convertchars][redirect /][/formvariables] [formvariables name=convertwords][redirect /][/formvariables] [formvariables name=copyfile][redirect 
/][/formvariables] [formvariables name=copyfolder][redirect /][/formvariables] [formvariables name=countchars][redirect /][/formvariables] [formvariables name=countwords][redirect /][/formvariables] [formvariables name=createfolder][redirect /][/formvariables] [formvariables name=date][redirect /][/formvariables] [formvariables name=ddeconnect][redirect /][/formvariables] [formvariables name=ddesend][redirect /][/formvariables] [formvariables name=decrypt][redirect /][/formvariables] [formvariables name=delete][redirect /][/formvariables] [formvariables name=deletefile][redirect /][/formvariables] [formvariables name=deletefolder][redirect /][/formvariables] [formvariables name=dos][redirect /][/formvariables] [formvariables name=elapsedtime][redirect /][/formvariables] [formvariables name=else][redirect /][/formvariables] [formvariables name=encrypt][redirect /][/formvariables] [formvariables name=exclusivelock][redirect /][/formvariables] [formvariables name=filecompare][redirect /][/formvariables] [formvariables name=fileinfo][redirect /][/formvariables] [formvariables name=findstring][redirect /][/formvariables] [formvariables name=flushcache][redirect /][/formvariables] [formvariables name=flushdatabases][redirect /][/formvariables] [formvariables name=format][redirect /][/formvariables] [formvariables name=format][redirect /][/formvariables] [formvariables name=formvariables][redirect /][/formvariables] [formvariables name=founditems][redirect /][/formvariables] [formvariables name=freememory][redirect /][/formvariables] [formvariables name=function][redirect /][/formvariables] [formvariables name=getchars][redirect /][/formvariables] [formvariables name=getcookie][redirect /][/formvariables] [formvariables name=getmimeheader][redirect /][/formvariables] [formvariables name=grep][redirect /][/formvariables] [formvariables name=hideif][redirect /][/formvariables] [formvariables name=html1][redirect /][/formvariables] [formvariables name=html2][redirect 
/][/formvariables] [formvariables name=html3][redirect /][/formvariables] [formvariables name=httpmethod][redirect /][/formvariables] [formvariables name=if][redirect /][/formvariables] [formvariables name=include][redirect /][/formvariables] [formvariables name=input][redirect /][/formvariables] [formvariables name=interpret][redirect /][/formvariables] [formvariables name=ipaddress][redirect /][/formvariables] [formvariables name=issecureclient][redirect /][/formvariables] [formvariables name=lastautonumner][redirect /][/formvariables] [formvariables name=lastrandom][redirect /][/formvariables] [formvariables name=lineitems][redirect /][/formvariables] [formvariables name=listchars][redirect /][/formvariables] [formvariables name=listcookies][redirect /][/formvariables] [formvariables name=listdatabases][redirect /][/formvariables] [formvariables name=listfields][redirect /][/formvariables] [formvariables name=listfiles][redirect /][/formvariables] [formvariables name=listmimeheaders][redirect /][/formvariables] [formvariables name=listpath][redirect /][/formvariables] [formvariables name=listvariables][redirect /][/formvariables] [formvariables name=listwords][redirect /][/formvariables] [formvariables name=lookup][redirect /][/formvariables] [formvariables name=lookup][redirect /][/formvariables] [formvariables name=loop][redirect /][/formvariables] [formvariables name=lowercase][redirect /][/formvariables] [formvariables name=math][redirect /][/formvariables] [formvariables name=middle][redirect /][/formvariables] [formvariables name=movefile][redirect /][/formvariables] [formvariables name=object][redirect /][/formvariables] [formvariables name=orderfile][redirect /][/formvariables] [formvariables name=password][redirect /][/formvariables] [formvariables name=platform][redirect /][/formvariables] [formvariables name=product][redirect /][/formvariables] [formvariables name=protect][redirect /][/formvariables] [formvariables name=purchase][redirect 
/][/formvariables] [formvariables name=random][redirect /][/formvariables] [formvariables name=raw][redirect /][/formvariables] [formvariables name=redirect][redirect /][/formvariables] [formvariables name=referrer][redirect /][/formvariables] [formvariables name=removehtml][redirect /][/formvariables] [formvariables name=removelineitem][redirect /][/formvariables] [formvariables name=replace][redirect /][/formvariables] [formvariables name=replacefounditems][redirect /][/formvariables] [formvariables name=return][redirect /][/formvariables] [formvariables name=returnraw][redirect /][/formvariables] [formvariables name=scope][redirect /][/formvariables] [formvariables name=search][redirect /][/formvariables] [formvariables name=sendmail][redirect /][/formvariables] [formvariables name=setcookie][redirect /][/formvariables] [formvariables name=setheader][redirect /][/formvariables] [formvariables name=setlineitem][redirect /][/formvariables] [formvariables name=setmimeheader][redirect /][/formvariables] [formvariables name=shell][redirect /][/formvariables] [formvariables name=showif][redirect /][/formvariables] [formvariables name=shownext][redirect /][/formvariables] [formvariables name=spawn][redirect /][/formvariables] [formvariables name=sql][redirect /][/formvariables] [formvariables name=sql][redirect /][/formvariables] [formvariables name=sqlconnect][redirect /][/formvariables] [formvariables name=sqldisconnect][redirect /][/formvariables] [formvariables name=sqlexecute][redirect /][/formvariables] [formvariables name=sqlinfo][redirect /][/formvariables] [formvariables name=sqlrelease][redirect /][/formvariables] [formvariables name=sqlresult][redirect /][/formvariables] [formvariables name=switch][redirect /][/formvariables] [formvariables name=table][redirect /][/formvariables] [formvariables name=tcpconnect][redirect /][/formvariables] [formvariables name=tcpsend][redirect /][/formvariables] [formvariables name=text][redirect /][/formvariables] 
[formvariables name=then][redirect /][/formvariables] [formvariables name=thisurl][redirect /][/formvariables] [formvariables name=time][redirect /][/formvariables] [formvariables name=unurl][redirect /][/formvariables] [formvariables name=uppercase][redirect /][/formvariables] [formvariables name=url][redirect /][/formvariables] [formvariables name=username][redirect /][/formvariables] [formvariables name=validcard][redirect /][/formvariables] [formvariables name=version][redirect /][/formvariables] [formvariables name=version][redirect /][/formvariables] [formvariables name=waitforfile][redirect /][/formvariables] [formvariables name=writefile][redirect /][/formvariables] [formvariables name=xmlnode][redirect /][/formvariables] [formvariables name=xmlnodes][redirect /][/formvariables] [formvariables name=xmlnodesattributes][redirect /][/formvariables] [formvariables name=xmlparse][redirect /][/formvariables] [formvariables name=xsl][redirect /][/formvariables] [formvariables name=xslt][redirect /][/formvariables]

Tom Duke
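The check in the message above, written once over a set of names instead of one rule per name, as an added example that is not part of the original post and is not WebDNA code. It assumes the filter runs in a front-end layer before the request reaches WebDNA; `RESERVED_NAMES` is a constructed subset of the list in the message, and `colliding_names` and `should_reject` are hypothetical helper names.

```python
from urllib.parse import parse_qsl

# Constructed subset of the names blocked in the message above; a full
# deployment would load every tag and context name from a single file.
RESERVED_NAMES = frozenset({
    "!", "search", "sql", "shell", "table", "include", "interpret",
    "redirect", "sendmail", "writefile", "formvariables",
})


def colliding_names(encoded_form):
    """Return reserved names used as parameter names, in order seen.

    Accepts a raw query string or a urlencoded POST body.
    """
    # keep_blank_values=True matters: without it parse_qsl silently drops
    # a bare "&search" (a name with no "=value"), the case in the subject.
    pairs = parse_qsl(encoded_form, keep_blank_values=True)
    hits = []
    for name, _value in pairs:
        # parse_qsl has already percent-decoded the name, so "%53earch"
        # arrives as "Search". Lower-casing and trimming are assumptions
        # about how loosely the server matches names.
        normalized = name.strip().lower()
        if normalized in RESERVED_NAMES and normalized not in hits:
            hits.append(normalized)
    return hits


def should_reject(encoded_form):
    """True when the request should be answered with a redirect to /."""
    return bool(colliding_names(encoded_form))


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "page=2&search",            # bare name, no value
    "%53earch=1&q=shoes",       # percent-encoded, mixed case
    "q=shoes&searchterm=red",   # legitimate: only exact names match
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "reject" if should_reject(sample) else "allow"
        print(f"{verdict:6} {sample!r} -> {colliding_names(sample)}")
```

Matching on exact names keeps ordinary parameters such as `searchterm` working, which a substring match would break.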
