numero = 36134
interpreted = N
texte = SMSI will have to explain why the ACCOUNTNUM field takes more bare text than it does url'd encrypted text. This does, however, raise the question: Why are you encrypting in the first place?Since the cart file is located on the server and never sent to the browser (unless you specify that field for display), and you can add anything to the cart header in such a way that it never appears in the HTML source, I see no reason to use encrypt at all. I know some people have used doubly-url'd and encrypted text for storage in cookies, but here there does not seem to be any need for that level of confusion.John PeacockPete Campbell wrote: > > Thanks John. I didn't know about the field-length limits (not mentioned at > all in the SETHEADER section of the docs). Even so, its not clear that the > ACCOUNTNUM field is limited. > > Your solution about using a HEADERxx field instead of the ACCOUNTNUM field > works but its not clear why. ACCOUNTNUM does not appear to be limited in > length. If I set the ACCOUNTNUM header to a simple alphanumeric string (say > 7000600050004000300020001000 - 28 chars) it works fine. > > The problem appears to be related to the URL codes in the string assigned to > ACCOUNTNUM. For some reason, ACCOUNTNUM has a limited size if the string is > URLed. If I use a string of > [url]*&#@$(*@#)$*&#@$(*#$(*&#$(*#&$(*#&$)(*[/url], the decrypted UNURLed > ACCOUNTNUM value returned is *&#@$(*@#)$*&#@$%, much shorter than the > original string. If I use a HEADERxx field, this does not occur. > > FYI, I've tested this on WC 3.?? and 4.0b1. > > Pete > > ----- Original Message ----- > From: John Peacock > To: WebCatalog Talk > Sent: Monday, August 14, 2000 10:15 AM > Subject: Re: Encrypt & SetHeader Length Problem > > > Note that the header fields are all fixed length, and not your fields to > > play with casually. See the docs for the Puchase command, which lists > > most of the field lengths (AccountNum is not one of them, but 14 would > > cover all credit card lengths). > > > > If you want to store something longer, use one of Header1-Header40, and > > you won't have the length problem. > > > > HTH > > > > John Peacock > > > > Pete Campbell wrote: > > > > > > I'm trying to encrypt a number and put it into the cart ACCOUNTNUM > header > > > field. The problem is that only 14 digits of the original number/string > are > > > available after the DECRYPT. The ACCOUNTNUM field is not limited in > length > > > because I can set it to a string of any length. The problem seems to > occur > > > only when I use URLed ENCRYPT data. From the code & output below, it > looks > > > like the SETHEADER context is not storing all of the URL/ENCRYPT data. > > > > > > I use the [URL] context twice to convert the encrypted data to a > hex-only > > > value (presumably safer for headers & DB data). I also use the [URL] > context > > > inside the SETHEADER context because it seems to automatically unURL > data. > > > This way I (hopefully) ensure that the data stored in the header field > is > > > double-URLed. > > > > > > Thanks in advance for any help / suggestions / workarounds. > > > > > > Pete > > > > > > The test code and output is below: > > > > > > [!]************ WebCat code: ************ [/!] > > > [!]This code has a 12-digit input string and works properly.[/!] > > > > > > [text]encryptednum=[url][encrypt > > > seed=TestTest]300020001000[/encrypt][/url][/text] > > > Setting encrypted accountnum to [encryptednum] > > > The decrypted value is [unurl][decrypt > > > seed=TestTest][encryptednum][/decrypt][/unurl]... > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader] > > > Encrypted accountnum header is [accountnum] > > > Decrypted accountnum header is [decrypt > > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > > > > ************ Output: ************ > > > > > > Setting encrypted accountnum to 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F > > > The decrypted value is 300020001000... > > > Encrypted accountnum header is 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F > > > Decrypted accountnum header is 300020001000 > > > > > > [!]************ WebCat code: ************ [/!] > > > [!]This code has a 16-digit input string and does not work properly.[/!] > > > > > > [text]encryptednum=[url][encrypt > > > seed=TestTest]4000300020001000[/encrypt][/url][/text] > > > Setting encrypted accountnum to [encryptednum] > > > The decrypted value is [unurl][decrypt > > > seed=TestTest][encryptednum][/decrypt][/unurl]... > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader] > > > Encrypted accountnum header is [accountnum] > > > Decrypted accountnum header is [decrypt > > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > > > > ************ Output: ************ > > > > > > Setting encrypted accountnum to > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6 > > > The decrypted value is 4000300020001000... > > > Encrypted accountnum header is > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F > > > Decrypted accountnum header is 40003000200010 > > > > > > The decrypted header above is missing the last 2 digits. > > > > > > ------------------------------------------------------------- > > > This message is sent to you because you are subscribed to > > > the mailing list . > > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to > > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
SMSI will have to explain why the ACCOUNTNUM field takes more bare text than it does url'd encrypted text. This does, however, raise the question: Why are you encrypting in the first place?Since the cart file is located on the server and never sent to the browser (unless you specify that field for display), and you can add anything to the cart header in such a way that it never appears in the HTML source, I see no reason to use encrypt at all. I know some people have used doubly-url'd and encrypted text for storage in cookies, but here there does not seem to be any need for that level of confusion.John PeacockPete Campbell wrote: > > Thanks John. I didn't know about the field-length limits (not mentioned at > all in the SETHEADER section of the docs). Even so, its not clear that the > ACCOUNTNUM field is limited. > > Your solution about using a HEADERxx field instead of the ACCOUNTNUM field > works but its not clear why. ACCOUNTNUM does not appear to be limited in > length. If I set the ACCOUNTNUM header to a simple alphanumeric string (say > 7000600050004000300020001000 - 28 chars) it works fine. > > The problem appears to be related to the URL codes in the string assigned to > ACCOUNTNUM. For some reason, ACCOUNTNUM has a limited size if the string is > URLed. If I use a string of > [url]*&#@$(*@#)$*&#@$(*#$(*&#$(*#&$(*#&$)(*[/url], the decrypted UNURLed > ACCOUNTNUM value returned is *&#@$(*@#)$*&#@$%, much shorter than the > original string. If I use a HEADERxx field, this does not occur. > > FYI, I've tested this on WC 3.?? and 4.0b1. > > Pete > > ----- Original Message ----- > From: John Peacock > To: WebCatalog Talk > Sent: Monday, August 14, 2000 10:15 AM > Subject: Re: Encrypt & SetHeader Length Problem > > > Note that the header fields are all fixed length, and not your fields to > > play with casually. See the docs for the Puchase command, which lists > > most of the field lengths (AccountNum is not one of them, but 14 would > > cover all credit card lengths). > > > > If you want to store something longer, use one of Header1-Header40, and > > you won't have the length problem. > > > > HTH > > > > John Peacock > > > > Pete Campbell wrote: > > > > > > I'm trying to encrypt a number and put it into the cart ACCOUNTNUM > header > > > field. The problem is that only 14 digits of the original number/string > are > > > available after the DECRYPT. The ACCOUNTNUM field is not limited in > length > > > because I can set it to a string of any length. The problem seems to > occur > > > only when I use URLed ENCRYPT data. From the code & output below, it > looks > > > like the SETHEADER context is not storing all of the URL/ENCRYPT data. > > > > > > I use the [url] context twice to convert the encrypted data to a > hex-only > > > value (presumably safer for headers & DB data). I also use the [url] > context > > > inside the SETHEADER context because it seems to automatically unURL > data. > > > This way I (hopefully) ensure that the data stored in the header field > is > > > double-URLed. > > > > > > Thanks in advance for any help / suggestions / workarounds. > > > > > > Pete > > > > > > The test code and output is below: > > > > > > [!]************ WebCat code: ************ [/!] > > > [!]This code has a 12-digit input string and works properly.[/!] > > > > > > [text]encryptednum=[url][encrypt > > > seed=TestTest]300020001000[/encrypt][/url][/text] > > > Setting encrypted accountnum to [encryptednum] > > > The decrypted value is [unurl][decrypt > > > seed=TestTest][encryptednum][/decrypt][/unurl]... > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader] > > > Encrypted accountnum header is [accountnum] > > > Decrypted accountnum header is [decrypt > > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > > > > ************ Output: ************ > > > > > > Setting encrypted accountnum to 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F > > > The decrypted value is 300020001000... > > > Encrypted accountnum header is 8%1E%B8D%88Rq%8F%F7%12%C6n%08q%AF%8F > > > Decrypted accountnum header is 300020001000 > > > > > > [!]************ WebCat code: ************ [/!] > > > [!]This code has a 16-digit input string and does not work properly.[/!] > > > > > > [text]encryptednum=[url][encrypt > > > seed=TestTest]4000300020001000[/encrypt][/url][/text] > > > Setting encrypted accountnum to [encryptednum] > > > The decrypted value is [unurl][decrypt > > > seed=TestTest][encryptednum][/decrypt][/unurl]... > > > [setheader cart=[cart]]accountnum=[url][encryptednum][/url][/setheader] > > > Encrypted accountnum header is [accountnum] > > > Decrypted accountnum header is [decrypt > > > seed=TestTest][unurl][accountnum][/unurl][/decrypt]
> > > > > > ************ Output: ************ > > > > > > Setting encrypted accountnum to > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F%DEA%A6 > > > The decrypted value is 4000300020001000... > > > Encrypted accountnum header is > > > %11%D7%C0%84_%F3%03wrG%DF%8En%EFy%5D%AF%85h%28%7F > > > Decrypted accountnum header is 40003000200010 > > > > > > The decrypted header above is missing the last 2 digits. > > > > > > ------------------------------------------------------------- > > > This message is sent to you because you are subscribed to > > > the mailing list . > > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to > > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
John Peacock
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...