Re: Encrypt & SetHeader Length Problem

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36141
interpreted = N
texte = >We have decided to encrypt all credit card data just in case someone is able >to break into our server (nothing is ever 100% secure). Of course, they can >read the templates to get the encryption seed but we'll also encrypt the >templates to prevent this. > >I was URLing the encrypted data to avoid interpretation problems with the WC >commands. For example, if the encrypted data had a & code in it, this >would prematurely end the data portion of an assignment operator. I'm not >sure if this could occur, but it seems possible given that the encrypt >command could return any 8-bit value. So I figured that URLing the data >would prevent this from occuring. If I'm wrong, it wouldn't be the first >time. You are correct, but this issue of webcatalog *changing* your formatted value before storing it in the order file is nothing new ...For example, when you try to store a value in the expMonth field with a leading zero, such as 08, you will see that webcatalog will NOT store the leading zero like you tried to get it to. Instead, it strips off the leading zero without warning, resulting in a stored value of 8. There is nothing you can do to change this ...Basically, WebCatalog is programmed to *change* our formatted data when it doesn't fit webcat's idea of what that data is supposed to look like. Granted, this does not occur in all order file fields, but it should not occur in ANY of them, because it forces webcat's very limited internal formatting on us, even when we need a different format for our data ... :(This specific behavior occurs in both the expMonth and expYear fields. Webcat can also do screwy things with the values you try to store in the accountNum field when it doesn't like the format you give it. It seems you have discovered this 'feature' by trying to store values it doesn't like in that field ...WebCat may also change other order file field values as well, but SM has ignored me every time I asked them for a list of *all* the fields which are subject to this kind of internal 'behind-the-scenes' data manipulation. So I guess this is just another one of those 'secrets' that they would rather keep from us than to share openly ... :(Fortunately we have a work-around which you have already discovered -- the header fields. Using these fields is the only guaranteed way to prevent webcat's internal code from changing our formatted values. It seems that webcat doesn't know what kind of data you're going to store in these fields, so it must 'leave it alone' instead of mucking with it.Kinda makes you wonder why 'features' like this have been built into webcat for years, yet they are still never mentioned in the docs, right?As far as I am concerned, webcat should NEVER muck with the data I tell it to store for me, it should always store *exactly* what I tell it to store, without changing anything. But if it's going to muck with something anyways (as it does) then SM should *document* this potentially problematic behavior, instead of keeping it a secret from us until it creates problems.:( ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encrypt Method SHA256 (christophe.billiottet@webdna.us 2018)
  2. Re: [WebDNA] Encrypt Method SHA256 (WebDNA Solutions 2018)
  3. [WebDNA] Encrypt Method SHA256 ("McMahon, Dustin" 2018)
  4. Re: [WebDNA] Encrypt / Decrypt weirdness..... plus some date weirdness (Terry Wilson 2015)
  5. Re: [WebDNA] Encrypt / Decrypt weirdness..... plus some date weirdness (Donovan Brooke 2015)
  6. [WebDNA] Encrypt / Decrypt weirdness..... plus some date weirdness (Rich Kwas 2015)
  7. [WebDNA] Encrypt / Decrypt weirdness..... plus some date weirdness (Rich Kwas 2015)
  8. Re: [WebDNA] encrypt files/directories (Donovan Brooke 2011)
  9. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  10. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  11. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  12. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  13. Re: [WebDNA] encrypt files/directories (Grant Hulbert 2011)
  14. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  15. Re: [WebDNA] encrypt files/directories ("Brian B. Burton" 2011)
  16. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  17. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  18. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  19. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  20. [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  21. Re: [WebDNA] orderfile - encrypt test request (Donovan Brooke 2011)
  22. [WebDNA] orderfile - encrypt test request (Donovan Brooke 2011)
  23. Re: Encrypt File ( Jim Ziegler 2006)
  24. Encrypt File ( Dave Daniels 2006)
  25. Re: Oh yes, it's Encrypt and Decrypt again ( Gary Krockover 2005)
  26. Re: Oh yes, it's Encrypt and Decrypt again ( Brian Fries 2005)
  27. Oh yes, it's Encrypt and Decrypt again ( Gary Krockover 2005)
  28. Re: encrypt but with normal characters for result? ( John Peacock 2005)
  29. Re: encrypt but with normal characters for result? ( Gary Krockover 2005)
  30. Re: encrypt but with normal characters for result? ( eLists 2005)
  31. Re: encrypt but with normal characters for result? ( "WebDna @ Inkblot Media" 2005)
  32. Re: encrypt but with normal characters for result? ( Gary Krockover 2005)
  33. Re: encrypt but with normal characters for result? ( eLists 2005)
  34. Re: encrypt but with normal characters for result? ( "WebDna @ Inkblot Media" 2005)
  35. Re: encrypt but with normal characters for result? ( "Dale's Lists" 2005)
  36. Re: encrypt but with normal characters for result? ( Gary Krockover 2005)
  37. encrypt but with normal characters for result? ( "Dale's Lists" 2005)
  38. Re: Unencrypt Password ( Kenneth Grome 2004)
  39. Unencrypt Password ( Clint Davis 2004)
  40. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Brian Fries 2003)
  41. Re: encrypt method=APOP broken or just not enough docs? - was:MD5 encryption (Dale LaFountain 2003)
  42. Re: encrypt method=APOP broken or just not enough docs? - wasMD5 encryption (Scott Anderson 2003)
  43. encrypt method=APOP broken or just not enough docs? - was MD5encryption (Dale LaFountain 2003)
  44. Re: Encrypt a page/template (Gary Krockover 2002)
  45. Re: Encrypt a page/template (Brian Fries 2002)
  46. Encrypt a page/template (Lester Emo 2002)
  47. Re: encrypt algorythm (John Peacock 2002)
  48. encrypt algorythm (Gyuri 2002)
  49. Re: Encrypt Decrypt URL UnURL Weirdness (Stuart Tremain 2001)
  50. Re: Encrypt Decrypt URL UnURL Weirdness (Glenn Busbin 2001)
  51. Re: Encrypt Decrypt URL UnURL Weirdness (Stuart Tremain 2001)
  52. Re: Encrypt Decrypt URL UnURL Weirdness (Glenn Busbin 2001)
  53. Re: Encrypt Decrypt URL UnURL Weirdness (Brian Fries 2001)
  54. Re: Encrypt Decrypt URL UnURL Weirdness (Glenn Busbin 2001)
  55. Re: Encrypt Decrypt URL UnURL Weirdness (Brian Fries 2001)
  56. Re: Encrypt Decrypt URL UnURL Weirdness (Glenn Busbin 2001)
  57. Re: Encrypt Decrypt URL UnURL Weirdness (Brian Fries 2001)
  58. Encrypt Decrypt URL UnURL Weirdness (Glenn Busbin 2001)
  59. Re: encrypt and decrypt (John Peacock 2001)
  60. encrypt and decrypt (Glenn Busbin 2001)
  61. Re: Encrypt & SetHeader Length Problem (Pete Campbell 2000)
  62. Re: Encrypt & SetHeader Length Problem (Pete Campbell 2000)
  63. Re: Encrypt & SetHeader Length Problem (Kenneth Grome 2000)
  64. Encrypt & SetHeader Length Problem (Pete Campbell 2000)
  65. Re: Encrypt & SetHeader Length Problem (John Peacock 2000)
  66. Re: Encrypt & SetHeader Length Problem (John Peacock 2000)
  67. Re: What is the default seed for the encrypt context? (John Butler 2000)
  68. Re: What is the default seed for the encrypt context? (John Peacock 2000)
  69. Re: What is the default seed for the encrypt context? (Bob Minor 2000)
  70. What is the default seed for the encrypt context? (Nicolas Verhaeghe 2000)
  71. Re: Encrypt question. (MARC MALACARME 2000)
  72. Re: Encrypt question. (Kenneth Grome 2000)
  73. Re: Encrypt question. (Marc 2000)
  74. Re: Encrypt question. (John Butler 2000)
  75. Re: Encrypt question. (John Butler 2000)
  76. Re: Encrypt question. (MARC MALACARME 2000)
  77. Re: Encrypt question. (James Howarth 2000)
  78. Re: Encrypt question. (Kenneth Grome 2000)
  79. Re: Encrypt question. (MARC MALACARME 2000)
  80. Re: Encrypt question. (Kenneth Grome 2000)
  81. Re: Encrypt question. (MARC MALACARME 2000)
  82. Re: Encrypt question. (Kenneth Grome 2000)
  83. Encrypt question. (MARC MALACARME 2000)
  84. about to encrypt a template (Joseph D'Andrea 2000)
  85. Re: Encrypt Problems (Joseph D'Andrea 2000)
  86. Encrypt Problems (Brian Boegershausen 2000)
  87. Re: [ENCRYPT seed=xxxxx] length (John Peacock 2000)
  88. Re: [ENCRYPT seed=xxxxx] length (Kenneth Grome 2000)
  89. [ENCRYPT seed=xxxxx] length (Derek C. 2000)
  90. Re: WebCat Mac OS X and Encrypt Help Need (dale@gmr.dresdner.net 2000)
  91. WebCat Mac OS X and Encrypt Help Need (Palle Bo Nielsen 2000)
  92. Re: Encrypt broken on Mac 3.05b13?? (Grant Hulbert 2000)
  93. Re: Encrypt broken on Mac 3.05b13?? (Marty Schmid 2000)
  94. Re: Encrypt broken on Mac 3.05b13?? (Grant Hulbert 2000)
  95. Encrypt broken on Mac 3.05b13?? (Marty Schmid 2000)
  96. Re: Encrypt broken on Mac 3.05b13?? (Kenneth Grome 2000)
  97. Re: Encrypt broken on Mac 3.05b13?? (webcatalog@smithmicro.com 2000)
  98. Encrypt broken on Mac 3.05b13?? (Marty Schmid 2000)
  99. failure to encrypt (or maybe decrypt) (ken@chargemaster.com 1999)
  100. faulure to encrypt (or maybe decrypt) (Kenneth Grome 1999)
  101. Re: WebCat Contest Now: Encrypt and Sell (The Mooseman 1998)
  102. Re: Template Encrypt Speed (PCS Technical Support 1998)
  103. Re: Template Encrypt Speed (Paul Willis 1998)
  104. Re: Template Encrypt Speed (John Hill 1998)
  105. Template Encrypt Speed (Bob Minor 1998)
  106. Re: Encrypt and Commit Me (PCS Technical Support 1998)
  107. Encrypt and Commit Me (The Mooseman 1998)
  108. Re: Encrypt Users.db problem (PCS Technical Support 1998)
  109. Re: Encrypt Users.db problem (Kenneth Grome 1998)
  110. Encrypt Users.db problem (Wayne Morishige 1998)
  111. how to use encrypt and searching (Olin 1998)
  112. Re: Users.db [encrypt seed=????] (Grant Hulbert 1998)
  113. Re: Users.db [encrypt seed=????] (Bob Minor 1998)
  114. Users.db [encrypt seed=????] (Marty Schmid 1998)
>We have decided to encrypt all credit card data just in case someone is able >to break into our server (nothing is ever 100% secure). Of course, they can >read the templates to get the encryption seed but we'll also encrypt the >templates to prevent this. > >I was URLing the encrypted data to avoid interpretation problems with the WC >commands. For example, if the encrypted data had a & code in it, this >would prematurely end the data portion of an assignment operator. I'm not >sure if this could occur, but it seems possible given that the encrypt >command could return any 8-bit value. So I figured that URLing the data >would prevent this from occuring. If I'm wrong, it wouldn't be the first >time. You are correct, but this issue of webcatalog *changing* your formatted value before storing it in the order file is nothing new ...For example, when you try to store a value in the expMonth field with a leading zero, such as 08, you will see that webcatalog will NOT store the leading zero like you tried to get it to. Instead, it strips off the leading zero without warning, resulting in a stored value of 8. There is nothing you can do to change this ...Basically, WebCatalog is programmed to *change* our formatted data when it doesn't fit webcat's idea of what that data is supposed to look like. Granted, this does not occur in all order file fields, but it should not occur in ANY of them, because it forces webcat's very limited internal formatting on us, even when we need a different format for our data ... :(This specific behavior occurs in both the expMonth and expYear fields. Webcat can also do screwy things with the values you try to store in the accountNum field when it doesn't like the format you give it. It seems you have discovered this 'feature' by trying to store values it doesn't like in that field ...WebCat may also change other order file field values as well, but SM has ignored me every time I asked them for a list of *all* the fields which are subject to this kind of internal 'behind-the-scenes' data manipulation. So I guess this is just another one of those 'secrets' that they would rather keep from us than to share openly ... :(Fortunately we have a work-around which you have already discovered -- the header fields. Using these fields is the only guaranteed way to prevent webcat's internal code from changing our formatted values. It seems that webcat doesn't know what kind of data you're going to store in these fields, so it must 'leave it alone' instead of mucking with it.Kinda makes you wonder why 'features' like this have been built into webcat for years, yet they are still never mentioned in the docs, right?As far as I am concerned, webcat should NEVER muck with the data I tell it to store for me, it should always store *exactly* what I tell it to store, without changing anything. But if it's going to muck with something anyways (as it does) then SM should *document* this potentially problematic behavior, instead of keeping it a secret from us until it creates problems.:( ================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Fwd: FW: Purchase Command error (1997) PIXO support (1997) Re1000001: Setting up shop (1997) One other big addition... (1997) Running 2 two WebCatalog.acgi's (1996) Preserving form data (1999) Setting up shop (1997) [WriteFile] problems (1997) Sample Tearoom Search Error - Solved! (1997) chat opinion ... (2002) RE: Error reading data -1 (1997) Secure server question (1997) sendmail spaces (1997) Setting up shop (1997) Safari browser and WebDNA set-cookies (2003) browser info.txt and SSL (1997) Bug or syntax error on my part? (1997) Running 2 two WebCatalog.acgi's (1996) breaking & sorting (2000) $flushdatabases question ... (1998)