Re: Variable security
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 33455
> The logic is twofold: it is much harder, if not impossible to do the
> same with math variables, and secondly the vast majority of legacy
> code that mis-used the old variable hierarchy was using text
> variables, not math variables

Whose legacy code, yours or mine? Are you saying the old variable hierarchy
did not apply to math variables?

Why do you continue to say that it is mis-used? Can you please explain how
this is a misuse?

Quoted from an earlier post:

> [text secure=f&multi=t]fname=&lname=[/text]
> [math secure=f]error=0[/math]
>
> then on my submitted page I do:
> [formvariables]
> [showif [value]=][math show=f]error=error+1[/math][/showif]
> [/formvariables]
> [showif [error]>0]
> [redirect thispage.tpl?error=[error][formvariables]&[name]=[value][/formvariables]]
> [/showif]
> [fname] [lname] you done good digging through that form.
>
> Why is this insecure? Who cares if they override my variables? If I decide to
> make a security program I will be sure to avoid this
> possible security hole, but on non secure/unimportant areas, why should I
> protect them like Fort Knox? This is just one example; I have hundreds that
> work. Why would having a feature that is adjustable be a bad thing?
> I saw John's comments on the insecurity of this type of programming, but unless
> you are opening a hole, there is no hole and therefore this programming
> technique is valid. You may just need to think about what you are doing before
> you do it. I certainly won't be denying IP addresses using this technique.

Again, what is the problem with this, in this instance? What could the user
possibly do in this case?

Robert Minor
Director of Internet Services
------------------------------------------------------------
Cybermill Communications
http://www.cybermill.com http://www.merchantmaker.com
Providing Ecommerce and interactive website development and
hosting services on Macintosh, Windows NT, Unix, and AS/400.

> From: Grant Hulbert
> Reply-To:
> Date: Tue, 20 Jun 2000 13:55:15
> To:
> Subject: Re: Variable security
>
> The logic is twofold: it is much harder, if not impossible to do the
> same with math variables, and secondly the vast majority of legacy
> code that mis-used the old variable hierarchy was using text
> variables, not math variables.
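
Added example, not part of the original message and not WebDNA code: a Python model of the form check quoted in the message, showing what its error counter reports for a blank field versus a field left out of the request, next to a check driven by the expected field list. It assumes that [formvariables] visits only submitted fields and that a secure=f variable is replaced by a form field of the same name; `resolve`, `quoted_check` and `required_check` are hypothetical names.

```python
# Model of the quoted form check (added illustration, not WebDNA code).
# Assumptions: [formvariables] visits only fields present in the request,
# and a variable declared secure=f is replaced by a same-named form field.

def resolve(name, declared, form):
    """Return a variable's value; secure=f declarations yield to the form."""
    value, secure = declared[name]
    return form[name] if (not secure and name in form) else value

def quoted_check(form, secure=False):
    """Check as posted: count empty values among the submitted fields."""
    declared = {"fname": ("", secure), "lname": ("", secure)}
    error = sum(1 for value in form.values() if value == "")
    return error, resolve("fname", declared, form), resolve("lname", declared, form)

def required_check(form, required=("fname", "lname")):
    """Variant driven by the expected field list, so a field that is
    absent from the request is reported like one that is blank."""
    return [name for name in required if not form.get(name, "").strip()]

# Constructed sample requests (field name -> submitted value).
FILLED = {"fname": "Ada", "lname": "Byron"}
BLANK_FIELD = {"fname": "Ada", "lname": ""}
FIELD_LEFT_OUT = {"fname": "Ada"}  # lname never sent

if __name__ == "__main__":
    samples = [("filled", FILLED), ("blank", BLANK_FIELD), ("left out", FIELD_LEFT_OUT)]
    for label, form in samples:
        print(label, quoted_check(form), required_check(form))
```
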