Re: Variable security
This WebDNA talk-list message is from 2000
It keeps the original formatting.
> The logic is twofold: it is much harder, if not impossible to do the
> same with math variables, and secondly the vast majority of legacy
> code that mis-used the old variable hierarchy was using text
> variables, not math variables

Whose legacy code, yours or mine? Are you saying the old variable hierarchy
did not apply to math variables?

Why do you continue to say that it is mis-used? Can you please explain how
this is a misuse.

Quoted from an earlier post:

> [text secure=f&multi=t]fname=&lname=[/text]
> [math secure=f]error=0[/math]
>
> then on my submitted page I do:
> [formvariables]
> [showif [value]=][math show=f]error=error+1[/math][/showif]
> [/formvariables]
> [showif [error]>0]
> [redirect thispage.tpl?error=[error][formvariables]&[name]=[value][/formvariables]]
> [/showif]
> [fname] [lname] you done good digging through that form.
>
> Why is this insecure? Who cares if they override my variables? If I decide to
> make a security program I will be sure to avoid this
> possible security hole, but on non secure/unimportant areas, why should I
> protect them like Fort Knox. This is just one example I have hundreds that
> work. Why would having a feature that is adjustable be a bad thing?
> I saw John's comments on the insecurity of this type of programming, but unless
> you are opening a hole, there is no hole and therefore this programming
> technique is valid. You may just need to think about what you are doing before
> you do it. I certainly won't be denying IP addresses using this technique.

Again what is the problem with this, in this instance? What could the user
possibly do in this case?

Robert Minor
Director of Internet Services
------------------------------------------------------------
Cybermill Communications
http://www.cybermill.com http://www.merchantmaker.com
Providing Ecommerce and interactive website development and
hosting services on Macintosh, Windows NT, Unix, and AS/400.

> From: Grant Hulbert
> Reply-To:
> Date: Tue, 20 Jun 2000 13:55:15
> To:
> Subject: Re: Variable security
>
> The logic is twofold: it is much harder, if not impossible to do the
> same with math variables, and secondly the vast majority of legacy
> code that mis-used the old variable hierarchy was using text
> variables, not math variables.