Re: [TEXT SECURE=T]

This WebDNA talk-list message is from

2000

It keeps the original formatting. numero = 32039
interpreted = N
texte = Any time a security problem comes to light, all bets are off as to wherethe change needs to be made. There have been plenty of security problems with ColdFusion, ASP, and even Perl that required edits of usersource to fix. There is also no use arguing; Grant has made very clear that they will not ship the program without Secure=T as the default. There is no one requiring you to upgrade to 4.0 if you cannot change your templates. There is also every reason to suspect that many, if not most templates will require no changes at all. It is only if you used the specific technique of relying on command line variables overriding text variables that anything needs to be changed in the first place.And it is extremely unlikely that any ResEdit change could be made toflip the security, since the change alters the very nature of the parsetree.John PeacockAlex McCombie wrote:> > on 5/18/00 2:12 PM, John Peacock at JPeacock@UnivPress.com wrote:> > > This is a security fix, not an upgrade. Secure=T is the only default> > that makes sense. Anyone with a reasonable editor can quickly update> > all of their sites in minutes. SM is not jilting customers; they are> > fixing a very significant security problem.> >> > John Peacock> Since a security fix often involves changed to the code set of an app and> not the forced change of potentially hundreds of files by the actual> customers...> > and since I know many users have purchased encrypted pages that they cannot> fix themselves...> > and since some providers have other clients using WebDNA on their own> collocated sites and thus will end up in support 'heaven'...> > how about this...> > anyone finding through unofficial means a ResEdit change or resource editor> or should SM decide to add this default setting of secure=T to their> preference files (hint hint), I would certainly like to know of that> information because I would not hesitate to change it's usage if it served> me better that way.> > ......> > --> Alex J. McCombie (800-724-8973)> http://OurClients.com Corporate> http://McCombie.com Personal (Alex@McCombie.com)> > http://ClubGab.com/> <--- Now here's a serious Chat Room! --->#############################################################This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to Associated Messages, from the most recent to the oldest:

Re: [TEXT SECURE=T] (Nicolas Verhaeghe 2000)
Re: [TEXT SECURE=T] (Alex McCombie 2000)
Re: [TEXT SECURE=T] (Nicolas Verhaeghe 2000)
Re: [TEXT SECURE=T] (Alex McCombie 2000)
Re: [TEXT SECURE=T] (Kenneth Grome 2000)
Re: [TEXT SECURE=T] (John Peacock 2000)
Re: [TEXT SECURE=T] (John Peacock 2000)
[TEXT SECURE=T] (Brian Rhoten 2000)

Any time a security problem comes to light, all bets are off as to wherethe change needs to be made. There have been plenty of security problems with ColdFusion, ASP, and even Perl that required edits of usersource to fix. There is also no use arguing; Grant has made very clear that they will not ship the program without Secure=T as the default. There is no one requiring you to upgrade to 4.0 if you cannot change your templates. There is also every reason to suspect that many, if not most templates will require no changes at all. It is only if you used the specific technique of relying on command line variables overriding text variables that anything needs to be changed in the first place.And it is extremely unlikely that any ResEdit change could be made toflip the security, since the change alters the very nature of the parsetree.John PeacockAlex McCombie wrote:> > on 5/18/00 2:12 PM, John Peacock at JPeacock@UnivPress.com wrote:> > > This is a security fix, not an upgrade. Secure=T is the only default> > that makes sense. Anyone with a reasonable editor can quickly update> > all of their sites in minutes. SM is not jilting customers; they are> > fixing a very significant security problem.> >> > John Peacock> Since a security fix often involves changed to the code set of an app and> not the forced change of potentially hundreds of files by the actual> customers...> > and since I know many users have purchased encrypted pages that they cannot> fix themselves...> > and since some providers have other clients using WebDNA on their own> collocated sites and thus will end up in support 'heaven'...> > how about this...> > anyone finding through unofficial means a ResEdit change or resource editor> or should SM decide to add this default setting of secure=T to their> preference files (hint hint), I would certainly like to know of that> information because I would not hesitate to change it's usage if it served> me better that way.> > ......> > --> Alex J. McCombie (800-724-8973)> http://OurClients.com Corporate> http://McCombie.com Personal (Alex@McCombie.com)> > http://ClubGab.com/> <--- Now here's a serious Chat Room! --->#############################################################This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to John Peacock

DOWNLOAD WEBDNA NOW!

Re: [TEXT SECURE=T]

2000

Top Articles:

Related Readings: