Re: [WebDNA] PCI Vulnerability testing

This WebDNA talk-list message is from William DeVaul (2009).


numero = 102398

It seems removeHTML is a way to go, although I have not tested what happens with URLed characters. If going with grep or getchars, I would use a whitelist and not limit the length. Otherwise long variables will pass the troublesome code.

Bill

On Mon, Apr 13, 2009 at 3:09 PM, Govinda wrote:
> [removehtml][userInput][/removehtml]
> -G
>
> On Apr 13, 2009, at 12:47 PM, William DeVaul wrote:
>
>> I have no idea about a server level fix. This goes to never trusting
>> user input. I thought it should always be surrounded by [raw] and
>> [url] to prevent this.
>>
>> What do others do?
>>
>> Bill
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> archives: http://mail.webdna.us/list/talk@webdna.us
> old archives: http://dev.webdna.us/TalkListArchive/

Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  2. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  3. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  4. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  5. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  6. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  7. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  8. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  9. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  10. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  11. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  12. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  13. Re: [WebDNA] PCI Vulnerability testing (Marc Thompson 2009)
  14. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  15. [WebDNA] PCI Vulnerability testing (Bob Minor 2009)
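Bill's message above makes two points that are easy to get wrong in any templating language: a filter that strips tags does nothing for URL-encoded angle brackets if the value is decoded later, and a check that only looks at the first N characters (the getchars pattern) lets a long value carry the payload past it. The following is an added example, not code from the thread or from WebDNA itself, written in Python because the WebDNA tags discussed ([removehtml], [grep], [getchars]) cannot be run here. The filter patterns, the whitelist and the test strings are all constructed for illustration.

```python
"""Added example (not from the WebDNA thread): why tag-stripping and
first-N-characters checks fail, and what a whole-value whitelist check does.
All input strings below are constructed test data."""
import re
from urllib.parse import unquote

# Blacklist pattern: anything that looks like an HTML tag.
TAG_RE = re.compile(r"<[^>]*>")
# Whitelist for a field such as a SKU or search term: letters, digits, space, dash.
# No maximum length is imposed; the point is that the WHOLE value is checked.
WHITELIST_RE = re.compile(r"^[A-Za-z0-9 \-]+$")


def strip_tags(value: str) -> str:
    """Blacklist approach (the removeHTML idea): delete tag-like substrings."""
    return TAG_RE.sub("", value)


def strip_tags_then_decode(value: str) -> str:
    """Same blacklist, but the value is URL-decoded afterwards, as a redirect or
    a downstream template might do. Encoded angle brackets survive the filter
    and only become '<' and '>' after the check has already passed."""
    return unquote(strip_tags(value))


def check_prefix_only(value: str, n: int = 20) -> bool:
    """Flawed check: inspects only the first n characters (the getchars pattern).
    Returns True when the prefix is clean, regardless of what follows it."""
    return TAG_RE.search(value[:n]) is None


def check_whitelist(value: str) -> bool:
    """Whitelist check over the entire value, decoded first so that %3C cannot
    hide a '<'. Returns True only when every character is in the allowed set."""
    return WHITELIST_RE.fullmatch(unquote(value)) is not None


def demo() -> dict:
    """Run each check against three constructed inputs and one benign value."""
    plain = "<script>alert(1)</script>"
    encoded = "%3Cscript%3Ealert(1)%3C/script%3E"
    padded = "A" * 25 + "<script>alert(1)</script>"
    return {
        # tags removed, as expected
        "strip_plain": strip_tags(plain),
        # bypass: nothing to strip, then decoding restores the tags
        "strip_encoded": strip_tags_then_decode(encoded),
        # bypass: the tag sits past the first 20 characters
        "prefix_padded": check_prefix_only(padded),
        # whitelist rejects all three and accepts the benign value
        "whitelist_plain": check_whitelist(plain),
        "whitelist_encoded": check_whitelist(encoded),
        "whitelist_padded": check_whitelist(padded),
        "whitelist_good": check_whitelist("SKU-1234"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The whitelist version accepts a fixed character set and rejects everything else over the full length of the value, which is what Bill recommends over a getchars-style prefix check. If a value legitimately needs characters outside the whitelist, the safe move is to encode it at the point of output (the [url] and [raw] wrapping mentioned in the quoted message) rather than to widen the filter.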
