Re: math variable security

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 33400
interpreted = N
texte = Actually that means nothing. I would not recommend the use of a shovel as a hammer but a shovel is very useful. If you want to use the following:[text secure=f&multi=t]fname=&lname=[/text] [math secure=f]error=0[/math]
[showif [error]>1][showif [fname]=]oops this one is blank[/showif][/showif]
[showif [error]>1][showif [lname]=]oops this one is blank[/showif][/showif]
then on my submitted page I do: [formvariables] [showif [value]=][math show=f]error=error+1[/math][/showif] [/formvariables] [showif [error]>0] [redirect thispage.tpl?error=[error][formvariables]&[name]=[value][/formvariables]] [showif] [fname] [lname] you done good digging through that form.why is this insecure. Who cares if they override my variables? My shovel works fine. If I decide to make a security program I will be sure to avoid this possible security hole, but on non secure/unimportant areas, why should I protect them like fort knox. This is just one example I have hundreds that work. Why would having a feature that is adjustable be a bad thing?I understand that maintaining a logical flow for both variable types maybe difficult, but I see it as a mistake not to.I saw Johns comments on the insecurity of this type of programming, but unless you are opening a hole, there is no hole and therefore this programming technique is valid. You may just need to think about what you are doing before you do it. I certainly won't be denying ipaddresses using this technique.Heck it doesn't make sense to remove capabilities for our own darn good.Sincerely Robert Minor Director of Internet Services ------------------------------------------------------------ Cybermill Communications http://www.cybermill.com http://www.merchantmaker.comProviding Ecommerce and interactive website development and hosting services on Macintosh, Windows NT, Unix, and AS/400.> From: WebDNA Support > Reply-To: (WebCatalog Talk) > Date: Mon, 19 Jun 2000 21:49:03 > To: (WebCatalog Talk) > Subject: Re: math variable security > > It was hard enough to add to text variables. It's difficult to > explain, but doing the same for [math] would be much harder. Not to > mention the fact that we don't recommend this un-secure use of either > text or math variables. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  2. Re: math variable security [MEDIUM LONG] (John Peacock 2000)
  3. Re: math variable security [MEDIUM LONG] (Bob Minor 2000)
  4. Re: math variable security [VERY LONG] (John Peacock 2000)
  5. Re: math variable security (Paul Uttermohlen 2000)
  6. Re: math variable security (Bob Minor 2000)
  7. Re: math variable security (WebDNA Support 2000)
  8. Re: math variable security (Bob Minor 2000)
  9. Re: math variable security (WebDNA Support 2000)
  10. math variable security (Bob Minor 2000)
Actually that means nothing. I would not recommend the use of a shovel as a hammer but a shovel is very useful. If you want to use the following:[text secure=f&multi=t]fname=&lname=[/text] [math secure=f]error=0[/math]
[showif [error]>1][showif [fname]=]oops this one is blank[/showif][/showif]
[showif [error]>1][showif [lname]=]oops this one is blank[/showif][/showif]
then on my submitted page I do: [formvariables] [showif [value]=][math show=f]error=error+1[/math][/showif] [/formvariables] [showif [error]>0] [redirect thispage.tpl?error=[error][formvariables]&[name]=[value][/formvariables]] [showif] [fname] [lname] you done good digging through that form.why is this insecure. Who cares if they override my variables? My shovel works fine. If I decide to make a security program I will be sure to avoid this possible security hole, but on non secure/unimportant areas, why should I protect them like fort knox. This is just one example I have hundreds that work. Why would having a feature that is adjustable be a bad thing?I understand that maintaining a logical flow for both variable types maybe difficult, but I see it as a mistake not to.I saw Johns comments on the insecurity of this type of programming, but unless you are opening a hole, there is no hole and therefore this programming technique is valid. You may just need to think about what you are doing before you do it. I certainly won't be denying ipaddresses using this technique.Heck it doesn't make sense to remove capabilities for our own darn good.Sincerely Robert Minor Director of Internet Services ------------------------------------------------------------ Cybermill Communications http://www.cybermill.com http://www.merchantmaker.comProviding Ecommerce and interactive website development and hosting services on Macintosh, Windows NT, Unix, and AS/400.> From: WebDNA Support > Reply-To: (WebCatalog Talk) > Date: Mon, 19 Jun 2000 21:49:03 > To: (WebCatalog Talk) > Subject: Re: math variable security > > It was hard enough to add to text variables. It's difficult to > explain, but doing the same for [math] would be much harder. Not to > mention the fact that we don't recommend this un-secure use of either > text or math variables. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Backwards list behavior ... (1997) Bookmarked URL with cart (1998) OT: Sendmail (2005) test (2000) [group] ? (1997) Summary search -- speed (1997) RE: New WebCatalog Version !!! (1997) [delete] problem (1997) WebCat2b13MacPlugIn - [shownext method=post] ??? (1997) Listfiles on network with NT (2000) WCf2 and nested tags (1997) Return records from another (1997) Shopping Cart Problem (1998) New Media Careers -- Jobs! (1998) [WebDNA] Can't see were it's wrong.... (2017) Verify entry into a text field (2005) [WriteFile] problems (1997) Having SSL pages on separate server (1999) Car Database (2002) Porting to NT (2001)