Re: No subject given

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31350
interpreted = N
texte = Oh my GOD! Ken and I agree about something. Hmmm, I must be thinking about this wrong, or something...8~}John PeacockKenneth Grome wrote: > > >With that in mind, I have to change my mind and go with the [text secure=f] > >mode. This will require updates to existing template, and may even include > >massive rewrites. The worst case scenario would have all instances of [text] > >replaced with [text secure=f], which would then put the onus for the lack of > >security on the programmer involved. > > > >But since the security failure of the present model has now been > >revealed, this > >is the only prudent course of action. I don't think that there should be a > >system option to make the reverse (insecure mode) be the default behavior. > > I agree 100%. It only makes sense to change the default to secure, > given the fact that this really is a security issue in some > situations, depending upon how certain variables are used. Besides, > the global changes to any existing site would be minimal in order to > maintain backward compatibility, requiring no more than three passes > in bbedit: > > 1- change [text] to [text secure=f] > 2- change [text show=f] to [text show=f&secure=f] > 3- change [text show=t] to [text show=t&secure=f] > > Once these three passes are performed, all our old sites will gain > the advantage of having the new secure variable hierarchy to work > with wherever we need it -- without breaking things. > > ================================ > Kenneth Grome, WebDNA Consultant > 808-737-6499 http://webdna.net > ================================ >############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

    
  1. Re: Grepping text variable tags (was: Re: No subject given) (John Butler 2000)
  2. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  3. Re: Grepping text variable tags (was: Re: No subject given) (John Peacock 2000)
  4. Re: Grepping text variable tags (was: Re: No subject given) (Chuck Rice 2000)
  5. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  6. Re: Grepping text variable tags (was: Re: No subject given) (Jereme Claussen 2000)
  7. Re: Grepping text variable tags (was: Re: No subject given) (Kenneth Grome 2000)
  8. Grepping text variable tags (was: Re: No subject given) (Rob Marquardt 2000)
  9. Re: No subject given (Jereme Claussen 2000)
  10. Re: No subject given (Kenneth Grome 2000)
  11. Re: No subject given (John Peacock 2000)
  12. Re: No subject given (Jereme Claussen 2000)
  13. Re: No subject given (John Peacock 2000)
  14. Re: No subject given (Kenneth Grome 2000)
  15. No subject given (jpeacock@univpress.com 2000)
Oh my GOD! Ken and I agree about something. Hmmm, I must be thinking about this wrong, or something...8~}John PeacockKenneth Grome wrote: > > >With that in mind, I have to change my mind and go with the [text secure=f] > >mode. This will require updates to existing template, and may even include > >massive rewrites. The worst case scenario would have all instances of [text] > >replaced with [text secure=f], which would then put the onus for the lack of > >security on the programmer involved. > > > >But since the security failure of the present model has now been > >revealed, this > >is the only prudent course of action. I don't think that there should be a > >system option to make the reverse (insecure mode) be the default behavior. > > I agree 100%. It only makes sense to change the default to secure, > given the fact that this really is a security issue in some > situations, depending upon how certain variables are used. Besides, > the global changes to any existing site would be minimal in order to > maintain backward compatibility, requiring no more than three passes > in bbedit: > > 1- change [text] to [text secure=f] > 2- change [text show=f] to [text show=f&secure=f] > 3- change [text show=t] to [text show=t&secure=f] > > Once these three passes are performed, all our old sites will gain > the advantage of having the new secure variable hierarchy to work > with wherever we need it -- without breaking things. > > ================================ > Kenneth Grome, WebDNA Consultant > 808-737-6499 http://webdna.net > ================================ >############################################################# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] reply vs. new (2009) WebCat editing, SiteGuard & SiteEdit (1997) Beta Documentation (1997) Replace and Date (2002) WC1.6 to WC2 date formatting -FIXED! (1997) RE: [isfolder] and [filename] (1997) Dealer locator (1998) plugin-acgi, different results (1997) why why why (2004) For those of you not on the WebCatalog Beta... (1997) Error: Permision deny. (2005) Just Testing (1997) hideif/showif causes error if wrapped around searches (2003) Bit off subject -- Faxing orders (1997) A question on sub-categories (1997) New Guestbook Source (1997) auto adding SKUs w/DB helper (1998) Allowed fields in formulas.db (1998) using showpage and showcart commands (1996) Database Options (1997)