Re: [WebDNA] Security Problem

This WebDNA talk-list message is from Tom Duke, 2015.
Stuart,

Hi - your emails refer to two different things.

The first email gave an example of Cross-Site Scripting (XSS):

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

this is prevented by ensuring that all user generated content / input that may be displayed on a site is validated and encoded.

The second email referred to a Cross Site Forgery Request (CSRF):

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

this is prevented by ensuring that all actions on a site undertaken by a logged in user include a random token that is verified before processing the action. Other methods include always checking for a valid referrer header when processing actions, or asking a user to re-enter their password for particularly secure actions (changing email or password for example).

https://www.owasp.org/index.php/CSRF_Prevention_Cheat_Sheet

- Tom
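The two defences Tom describes, output encoding for XSS and a verified per-session token (plus a Referer check) for CSRF, worked through as an added example. This is not code from the talk-list post or from WebDNA; it is written in Python, uses a constructed secret and the assumed site origin `https://example.test`, and binds the token to the session with an HMAC (the stateless token pattern from the OWASP cheat sheet linked above) rather than storing tokens server-side.

```python
import hashlib
import hmac
import html
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Constructed demo secret; a real deployment loads this from configuration.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
# Assumed origin of the site being protected (hypothetical).
SITE_ORIGIN = "https://example.test"


def encode_for_html(user_input: str) -> str:
    """Output-encode user-supplied text before placing it in an HTML body or
    a quoted attribute, so any markup in the input is displayed, not executed."""
    return html.escape(user_input, quote=True)


def _mac(session_id: str, nonce: str) -> str:
    """HMAC binding a nonce to one session under the server secret."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Mint a token for the logged-in session: random nonce + HMAC, so a token
    lifted from one session cannot be replayed against another."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Constant-time check that the submitted token was issued for this session."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def referrer_is_valid(referer: Optional[str]) -> bool:
    """Strict Referer check: the header must be present and name our own origin.
    A missing header is rejected, which is the 'always check' policy from the post."""
    if not referer:
        return False
    parts = urlsplit(referer)
    origin = f"{parts.scheme.lower()}://{parts.netloc.lower()}"
    return origin == SITE_ORIGIN


def process_action(session_id: str, form: dict, headers: dict) -> str:
    """Gate a state-changing action (here: changing an email address) behind the
    token check and the Referer check; returns a short result label."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return "rejected: bad or missing CSRF token"
    if not referrer_is_valid(headers.get("Referer")):
        return "rejected: missing or foreign Referer"
    # Action accepted; anything echoed back to the page is encoded on output.
    return "ok: " + encode_for_html(form.get("new_email", ""))


if __name__ == "__main__":
    # Constructed request: a form post carrying a valid token and same-origin Referer.
    token = issue_csrf_token("session-42")
    print(process_action("session-42", {"csrf_token": token, "new_email": "a@b.test"},
                         {"Referer": "https://example.test/account"}))
    # Same form replayed without the token, as a cross-site request would be.
    print(process_action("session-42", {"new_email": "a@b.test"},
                         {"Referer": "https://evil.example/"}))
```

The token is verified before the Referer, so a request that fails both is logged with the token failure, the stronger signal; in a real handler both rejections would be recorded for detection. Re-authentication for the most sensitive actions, which Tom also mentions, is an additional gate layered on top of this and is not shown here.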



Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] Security Problem (Tom Duke 2015)
  2. Re: [WebDNA] Security Problem (Stuart Tremain 2015)
  3. [WebDNA] Security Problem (Stuart Tremain 2015)
