Re: WebCatalog 4.0 has been released!
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 32821
interpreted = N
texte = I have never used the behavior in question, nor did it occur to me that it was a good idea when it was discussed. Relying on precedence is always a bad idea when programming public executable code, which is why tainting is such an important feature in Perl. It is actually very hard to write perl code that will execute under -T, because you quickly realize what assumptions you make when you write code.

You and every other developer can make the choice to disable the higher security in the new system. If you personally never distributed any of your code in readable form, there is very little that any cracker could do to fake out your code. But, I will never rely on hidden variables to protect my sites, and I will never be disabling the security.

I also urge everyone to examine their code-base and fix individual [text] vars rather than blindly flipping the flag in case. New sites, written from scratch, will include tags that cannot be interpreted by older WebCat installs (such is the nature of upgrades). Don't cripple your site now, to suit old programming mistakes.

John Peacock

Alex McCombie wrote:
>
> The good news is that SM heard the cry to include this in the prefs so
> that it could be changed but opted to rely on word of mouth(email) as to how
> to use it. This will likely ensure that there will be NUMEROUS emails on the
> forum regarding it as people work through it.
>

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/