Re: [WebDNA] Stop hacking
This WebDNA talk-list message is from 2013
It keeps the original formatting.
numero = 110685
interpreted = N
texte = --001a11c34e6cbb7b1b04e624588dContent-Type: text/plain; charset=ISO-8859-1This is noHack.db:contextName!addfieldsaddlineitemappendappendfileapplescriptarraygetarraysetauthenticateboldwordsbrowsernamecalcfilecrc32capitalizecaseclearlineitemsclosedatabasecommandcommitdatabaseconvertcharsconvertwordscopyfilecopyfoldercountcharscountwordscreatefolderdateddeconnectddesenddecryptdeletedeletefiledeletefolderdoselapsedtimeelseencryptexclusivelockfilecomparefileinfofindstringflushcacheflushdatabasesformatformatformvariablesfounditemsfreememoryfunctiongetcharsgetcookiegetmimeheadergrephideifhtml1html2html3httpmethodifincludeinputinterpretipaddressissecureclientlastautonumnerlastrandomlineitemslistcharslistcookieslistdatabaseslistfieldslistfileslistmimeheaderslistpathlistvariableslistwordslookuplookuplooplowercasemathmiddlemovefileobjectorderfilepasswordplatformproductprotectpurchaserandomrawredirectreferrerremovehtmlremovelineitemreplacereplacefounditemsreturnreturnrawscopesearchsendmailsetcookiesetheadersetlineitemsetmimeheadershellshowifshownextspawnsqlsqlsqlconnectsqldisconnectsqlexecutesqlinfosqlreleasesqlresultswitchtabletcpconnecttcpsendtextthenthisurltimeunurluppercaseurlusernamevalidcardversionversionwaitforfilewritefilexmlnodexmlnodesxmlnodesattributesxmlparsexslxsltOn Wed, Sep 11, 2013 at 6:42 PM, Donovan Brooke
wrote:> Steve,> It appears the original coder was trying to stop anyone from trying a> context in the URL... however, I'm not sure why that would be desired. We> don't know the contents of "noHack.db" so we can't tell you exactly what> the coder was trying to protect the site from.>> Donovan>>>> --- Original message ---> *Subject:* [WebDNA] Stop hacking> *From:* Steve Graham > *To:* > *Date:* Wednesday, 11/09/2013 3:53 PM>> I found this code in a webdna site I am fixing. Someone please say if> this is necessary or recommended to stop hackers in v7.x or v6.2.1:>> [formvariables]> [search db=noHack.db&eqcontextNamedatarq=[url][name][/url]]> [founditems]> [redirect /]> [/founditems]> [/search]> [/formvariables]>> [!] include this file at the top of every page to block hacking when a> context name appears as a formvariable name [/!]> --------------------------------------------------------- This message is> sent to you because you are subscribed to the mailing list .> To unsubscribe, E-mail to: archives:> http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us>>> --------------------------------------------------------- This message is> sent to you because you are subscribed to the mailing list **. To> unsubscribe, E-mail to: ** archives:> http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us--001a11c34e6cbb7b1b04e624588dContent-Type: text/html; charset=ISO-8859-1Content-Transfer-Encoding: quoted-printableThis is noHack.db:
contextName
!
addfields
addlineitem
append
appendfile
applescript
arrayget
arrayset=
authenticate
boldwords
browsername
calcfilecrc32
capitalize=
case
clearlineitems
closedatabase
command
commitdatabase
con=vertchars
convertwords
copyfile
copyfolder
countchars
countw=ords
createfolder
date
ddeconnect
ddesend
decrypt
delete<=br>deletefile
deletefolder
dos
elapsedtime
else
encrypt
excl=usivelock
filecompare
fileinfo
findstring
flushcache
flushda=tabases
format
format
formvariables
founditems
freememory
function
getchars
getcookie
getmimeheader
grep
hideif
htm=l1
html2
html3
httpmethod
if
include
input
interpretipaddress
issecureclient
lastautonumner
lastrandom
lineitems<=br>listchars
listcookies
listdatabases
listfields
listfiles
lis=tmimeheaders
listpath
listvariables
listwords
lookup
lookup<=br>loop
lowercase
math
middle
movefile
object
orderfilepassword
platform
product
protect
purchase
random
raw
=redirect
referrer
removehtml
removelineitem
replace
replacef=ounditems
return
returnraw
scope
search
sendmail
setcooki=e
setheader
setlineitem
setmimeheader
shell
showif
shownext
spawn
sql
sql
sqlconnect
sqldisconnect
sqlexecute
sqlinf=o
sqlrelease
sqlresult
switch
table
tcpconnect
tcpsend
text
then
thisurl
time
unurl
uppercase
url
username
validcard
version
version
waitforfile
writefile
xmlnode
=xmlnodes
xmlnodesattributes
xmlparse
xsl
xslt
--001a11c34e6cbb7b1b04e624588d--
Associated Messages, from the most recent to the oldest:
--001a11c34e6cbb7b1b04e624588dContent-Type: text/plain; charset=ISO-8859-1This is noHack.db:contextName!addfieldsaddlineitemappendappendfileapplescriptarraygetarraysetauthenticateboldwordsbrowsernamecalcfilecrc32capitalizecaseclearlineitemsclosedatabasecommandcommitdatabaseconvertcharsconvertwordscopyfilecopyfoldercountcharscountwordscreatefolderdateddeconnectddesenddecryptdeletedeletefiledeletefolderdoselapsedtimeelseencryptexclusivelockfilecomparefileinfofindstringflushcacheflushdatabasesformatformatformvariablesfounditemsfreememoryfunctiongetcharsgetcookiegetmimeheadergrephideifhtml1html2html3httpmethodifincludeinputinterpretipaddressissecureclientlastautonumnerlastrandomlineitemslistcharslistcookieslistdatabaseslistfieldslistfileslistmimeheaderslistpathlistvariableslistwordslookuplookuplooplowercasemathmiddlemovefileobjectorderfilepasswordplatformproductprotectpurchaserandomrawredirectreferrerremovehtmlremovelineitemreplacereplacefounditemsreturnreturnrawscopesearchsendmailsetcookiesetheadersetlineitemsetmimeheadershellshowifshownextspawnsqlsqlsqlconnectsqldisconnectsqlexecutesqlinfosqlreleasesqlresultswitchtabletcpconnecttcpsendtextthenthisurltimeunurluppercaseurlusernamevalidcardversionversionwaitforfilewritefilexmlnodexmlnodesxmlnodesattributesxmlparsexslxsltOn Wed, Sep 11, 2013 at 6:42 PM, Donovan Brooke wrote:> Steve,> It appears the original coder was trying to stop anyone from trying a> context in the URL... however, I'm not sure why that would be desired. We> don't know the contents of "noHack.db" so we can't tell you exactly what> the coder was trying to protect the site from.>> Donovan>>>> --- Original message ---> *Subject:* [WebDNA] Stop hacking> *From:* Steve Graham > *To:* > *Date:* Wednesday, 11/09/2013 3:53 PM>> I found this code in a webdna site I am fixing. Someone please say if> this is necessary or recommended to stop hackers in v7.x or v6.2.1:>> [formvariables]> [search db=noHack.db&eqcontextNamedatarq=[url][name][/url]]> [founditems]> [redirect /]> [/founditems]> [/search]> [/formvariables]>> [!] include this file at the top of every page to block hacking when a> context name appears as a formvariable name [/!]> --------------------------------------------------------- This message is> sent to you because you are subscribed to the mailing list .> To unsubscribe, E-mail to: archives:> http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us>>> --------------------------------------------------------- This message is> sent to you because you are subscribed to the mailing list **. To> unsubscribe, E-mail to: ** archives:> http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us--001a11c34e6cbb7b1b04e624588dContent-Type: text/html; charset=ISO-8859-1Content-Transfer-Encoding: quoted-printableThis is noHack.db:
contextName
!
addfields
addlineitem
append
appendfile
applescript
arrayget
arrayset=
authenticate
boldwords
browsername
calcfilecrc32
capitalize=
case
clearlineitems
closedatabase
command
commitdatabase
con=vertchars
convertwords
copyfile
copyfolder
countchars
countw=ords
createfolder
date
ddeconnect
ddesend
decrypt
delete<=br>deletefile
deletefolder
dos
elapsedtime
else
encrypt
excl=usivelock
filecompare
fileinfo
findstring
flushcache
flushda=tabases
format
format
formvariables
founditems
freememory
function
getchars
getcookie
getmimeheader
grep
hideif
htm=l1
html2
html3
httpmethod
if
include
input
interpretipaddress
issecureclient
lastautonumner
lastrandom
lineitems<=br>listchars
listcookies
listdatabases
listfields
listfiles
lis=tmimeheaders
listpath
listvariables
listwords
lookup
lookup<=br>loop
lowercase
math
middle
movefile
object
orderfilepassword
platform
product
protect
purchase
random
raw
=redirect
referrer
removehtml
removelineitem
replace
replacef=ounditems
return
returnraw
scope
search
sendmail
setcooki=e
setheader
setlineitem
setmimeheader
shell
showif
shownext
spawn
sql
sql
sqlconnect
sqldisconnect
sqlexecute
sqlinf=o
sqlrelease
sqlresult
switch
table
tcpconnect
tcpsend
text
then
thisurl
time
unurl
uppercase
url
username
validcard
version
version
waitforfile
writefile
xmlnode
=xmlnodes
xmlnodesattributes
xmlparse
xsl
xslt
--001a11c34e6cbb7b1b04e624588d--
Steve Graham
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
On a related topic (2006)
SKU lookup (1997)
Formating found categories (1997)
Where is f2? (1997)
Logout? (1998)
Undeliverable Mail (1997)
WebCatalog [FoundItems] Problem - AGAIN - (1997)
removing commas from a preformatted number (2000)
Help!!!! (1997)
Emailer.Out (1998)
RE: Error: template (1997)
Browser Problem?!? POST forms and NN 4.0+ browsers (1997)
expired beta (1997)
WebCat2b13MacPlugIn - More limits on [include] (1997)
RED QUESTION MARKS AGAIN (1999)
Signal Raised Error (1997)
StoreBuilder and PayPal (2002)
Searching multiple Databases (1997)
Protect (1997)
BR (1997)