Does anybody =know how to stop this (http://www.w=ebdna.us/page.dna?numero=3D195&if=3D) from happening? It looks =like any DNA tag can easily be replaced through the URL. This could =potentially create security issues for =us.
umm.. yeah. that was what we were =talking about in several posts in this thread all morning, =right?
Did you try the code I posted? ..or the code Donovan =posted?
Set up a test page with an [if]...[/if] in it.. and =then see if you can break it with an URL param such as above.. and then =see if you can patch the security hole with code like one of us =posted.
Donovan, I am going to test =something(s) and properly reply to you.. a little =later.
-Govinda
=--Apple-Mail-3-704544720--
Associated Messages, from the most recent to the oldest:
--Apple-Mail-3-704544720Content-Transfer-Encoding: quoted-printableContent-Type: text/plain;charset=us-ascii> Does anybody know how to stop this =(http://www.webdna.us/page.dna?numero=3D195&if=3D) from happening? It =looks like any DNA tag can easily be replaced through the URL. This =could potentially create security issues for us.umm.. yeah. that was what we were talking about in several posts in =this thread all morning, right?Did you try the code I posted? ..or the code Donovan posted?Set up a test page with an
...[/if] in it.. and then see if you can =break it with an URL param such as above.. and then see if you can patch =the security hole with code like one of us posted.Donovan, I am going to test something(s) and properly reply to you.. a =little later.-Govinda--Apple-Mail-3-704544720Content-Transfer-Encoding: quoted-printableContent-Type: text/html;charset=us-ascii